Red Hat Product Errata RHSA-2026:19186 - Security Advisory
Issued:
2026-05-19
Updated:
2026-05-19

RHSA-2026:19186 - Security Advisory

Synopsis

Important: buildah security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for buildah is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):

  • github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes

  • BZ - 2455470 - CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object
  • RHEL-95964 - Buildah concurrent bearer token requests [RHEL 9.8] [0day]

Red Hat Enterprise Linux for x86_64 9

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
x86_64
buildah-1.43.1-1.el9_8.x86_64.rpm SHA-256: d2c03940ff56a689374f101055d532919599197f28a580c29fe5dd91fdce368b
buildah-debuginfo-1.43.1-1.el9_8.x86_64.rpm SHA-256: 6b1f1733972cd22eecb9789cdea58cb50f902124de0b95016320a8c1ed305700
buildah-debugsource-1.43.1-1.el9_8.x86_64.rpm SHA-256: 60fc3e95df0285be6534c479ddb782367b11f365df2f8e2a8ba3c2ab29b3cd3f
buildah-tests-1.43.1-1.el9_8.x86_64.rpm SHA-256: 7e5acd2fd64f972d032cf362314d8eed0ce8ba61ffe19b8c158e02a6ed53e198
buildah-tests-debuginfo-1.43.1-1.el9_8.x86_64.rpm SHA-256: b0e108523431867d636e51de3068c2454e07afc356e517157d311b7804007cd7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
x86_64
buildah-1.43.1-1.el9_8.x86_64.rpm SHA-256: d2c03940ff56a689374f101055d532919599197f28a580c29fe5dd91fdce368b
buildah-debuginfo-1.43.1-1.el9_8.x86_64.rpm SHA-256: 6b1f1733972cd22eecb9789cdea58cb50f902124de0b95016320a8c1ed305700
buildah-debugsource-1.43.1-1.el9_8.x86_64.rpm SHA-256: 60fc3e95df0285be6534c479ddb782367b11f365df2f8e2a8ba3c2ab29b3cd3f
buildah-tests-1.43.1-1.el9_8.x86_64.rpm SHA-256: 7e5acd2fd64f972d032cf362314d8eed0ce8ba61ffe19b8c158e02a6ed53e198
buildah-tests-debuginfo-1.43.1-1.el9_8.x86_64.rpm SHA-256: b0e108523431867d636e51de3068c2454e07afc356e517157d311b7804007cd7

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
s390x
buildah-1.43.1-1.el9_8.s390x.rpm SHA-256: c5d246d30dfa21ee2874a15f02d5c01a6b9e1badd4e25fd80493c5737b4e747b
buildah-debuginfo-1.43.1-1.el9_8.s390x.rpm SHA-256: 56e42e4980897738cfd9f5a9d809a55c646314c12608643a927a70f27a4b9ffb
buildah-debugsource-1.43.1-1.el9_8.s390x.rpm SHA-256: e80ce8b9b5fe1a2ed8b2076c78233cd8bdefa1e0b48d3c17ce6dc750b9394bc7
buildah-tests-1.43.1-1.el9_8.s390x.rpm SHA-256: 6b72684b06e94f57cc3e6f5e23c06f5c2021aa09babb14aa45f19102a6ca4ac2
buildah-tests-debuginfo-1.43.1-1.el9_8.s390x.rpm SHA-256: 9cd7f9e319e538b40cc11600a0e7ea7f78f35d93268e865fdb6eb261052cd056

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
s390x
buildah-1.43.1-1.el9_8.s390x.rpm SHA-256: c5d246d30dfa21ee2874a15f02d5c01a6b9e1badd4e25fd80493c5737b4e747b
buildah-debuginfo-1.43.1-1.el9_8.s390x.rpm SHA-256: 56e42e4980897738cfd9f5a9d809a55c646314c12608643a927a70f27a4b9ffb
buildah-debugsource-1.43.1-1.el9_8.s390x.rpm SHA-256: e80ce8b9b5fe1a2ed8b2076c78233cd8bdefa1e0b48d3c17ce6dc750b9394bc7
buildah-tests-1.43.1-1.el9_8.s390x.rpm SHA-256: 6b72684b06e94f57cc3e6f5e23c06f5c2021aa09babb14aa45f19102a6ca4ac2
buildah-tests-debuginfo-1.43.1-1.el9_8.s390x.rpm SHA-256: 9cd7f9e319e538b40cc11600a0e7ea7f78f35d93268e865fdb6eb261052cd056

Red Hat Enterprise Linux for Power, little endian 9

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
ppc64le
buildah-1.43.1-1.el9_8.ppc64le.rpm SHA-256: c8c8486f5e180c9c11dd853a6be1ab191d3a5bdf9406654b2dadf3f9b7bf9316
buildah-debuginfo-1.43.1-1.el9_8.ppc64le.rpm SHA-256: 8d0eff9c0bdc71239a4caa0f112d65e69534f48f3680cab6f5a7c7159d1600e7
buildah-debugsource-1.43.1-1.el9_8.ppc64le.rpm SHA-256: e00cc502bdf8e5ebe950ba540d55a1a37a3e515c785041b7fe9e0e6feb2f72a7
buildah-tests-1.43.1-1.el9_8.ppc64le.rpm SHA-256: cf3f6a93214fcba42c6105506d50cc9dc9a778e12da7a727e6e98deba3b70d8d
buildah-tests-debuginfo-1.43.1-1.el9_8.ppc64le.rpm SHA-256: 0615704470f0da00a51ba18eb21f603dcf77413eed78fbe9636990eccbd23270

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
ppc64le
buildah-1.43.1-1.el9_8.ppc64le.rpm SHA-256: c8c8486f5e180c9c11dd853a6be1ab191d3a5bdf9406654b2dadf3f9b7bf9316
buildah-debuginfo-1.43.1-1.el9_8.ppc64le.rpm SHA-256: 8d0eff9c0bdc71239a4caa0f112d65e69534f48f3680cab6f5a7c7159d1600e7
buildah-debugsource-1.43.1-1.el9_8.ppc64le.rpm SHA-256: e00cc502bdf8e5ebe950ba540d55a1a37a3e515c785041b7fe9e0e6feb2f72a7
buildah-tests-1.43.1-1.el9_8.ppc64le.rpm SHA-256: cf3f6a93214fcba42c6105506d50cc9dc9a778e12da7a727e6e98deba3b70d8d
buildah-tests-debuginfo-1.43.1-1.el9_8.ppc64le.rpm SHA-256: 0615704470f0da00a51ba18eb21f603dcf77413eed78fbe9636990eccbd23270

Red Hat Enterprise Linux for ARM 64 9

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
aarch64
buildah-1.43.1-1.el9_8.aarch64.rpm SHA-256: b31b7db1f99cbaf1678debd03f1f8ebfde7496f10941858826027cab8b35ac49
buildah-debuginfo-1.43.1-1.el9_8.aarch64.rpm SHA-256: ed5aab0f269eeaa004e1580a639aafdcf6dc62eb3eefd08cad35ebd2180badd8
buildah-debugsource-1.43.1-1.el9_8.aarch64.rpm SHA-256: cb4543c4024d92b32450986a60fcac5247ebee8e3b4030424fece2f4247fe4bd
buildah-tests-1.43.1-1.el9_8.aarch64.rpm SHA-256: 18a0a1cc48b9c0da4c8b34d950537372be5b03c8854147dffdda5dd538fc0888
buildah-tests-debuginfo-1.43.1-1.el9_8.aarch64.rpm SHA-256: cb770ce23e620ca77c3df8d6b1f771e6c563d91c0fadc51d29f37062c92803ba

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
aarch64
buildah-1.43.1-1.el9_8.aarch64.rpm SHA-256: b31b7db1f99cbaf1678debd03f1f8ebfde7496f10941858826027cab8b35ac49
buildah-debuginfo-1.43.1-1.el9_8.aarch64.rpm SHA-256: ed5aab0f269eeaa004e1580a639aafdcf6dc62eb3eefd08cad35ebd2180badd8
buildah-debugsource-1.43.1-1.el9_8.aarch64.rpm SHA-256: cb4543c4024d92b32450986a60fcac5247ebee8e3b4030424fece2f4247fe4bd
buildah-tests-1.43.1-1.el9_8.aarch64.rpm SHA-256: 18a0a1cc48b9c0da4c8b34d950537372be5b03c8854147dffdda5dd538fc0888
buildah-tests-debuginfo-1.43.1-1.el9_8.aarch64.rpm SHA-256: cb770ce23e620ca77c3df8d6b1f771e6c563d91c0fadc51d29f37062c92803ba

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
ppc64le
buildah-1.43.1-1.el9_8.ppc64le.rpm SHA-256: c8c8486f5e180c9c11dd853a6be1ab191d3a5bdf9406654b2dadf3f9b7bf9316
buildah-debuginfo-1.43.1-1.el9_8.ppc64le.rpm SHA-256: 8d0eff9c0bdc71239a4caa0f112d65e69534f48f3680cab6f5a7c7159d1600e7
buildah-debugsource-1.43.1-1.el9_8.ppc64le.rpm SHA-256: e00cc502bdf8e5ebe950ba540d55a1a37a3e515c785041b7fe9e0e6feb2f72a7
buildah-tests-1.43.1-1.el9_8.ppc64le.rpm SHA-256: cf3f6a93214fcba42c6105506d50cc9dc9a778e12da7a727e6e98deba3b70d8d
buildah-tests-debuginfo-1.43.1-1.el9_8.ppc64le.rpm SHA-256: 0615704470f0da00a51ba18eb21f603dcf77413eed78fbe9636990eccbd23270

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
x86_64
buildah-1.43.1-1.el9_8.x86_64.rpm SHA-256: d2c03940ff56a689374f101055d532919599197f28a580c29fe5dd91fdce368b
buildah-debuginfo-1.43.1-1.el9_8.x86_64.rpm SHA-256: 6b1f1733972cd22eecb9789cdea58cb50f902124de0b95016320a8c1ed305700
buildah-debugsource-1.43.1-1.el9_8.x86_64.rpm SHA-256: 60fc3e95df0285be6534c479ddb782367b11f365df2f8e2a8ba3c2ab29b3cd3f
buildah-tests-1.43.1-1.el9_8.x86_64.rpm SHA-256: 7e5acd2fd64f972d032cf362314d8eed0ce8ba61ffe19b8c158e02a6ed53e198
buildah-tests-debuginfo-1.43.1-1.el9_8.x86_64.rpm SHA-256: b0e108523431867d636e51de3068c2454e07afc356e517157d311b7804007cd7

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
aarch64
buildah-1.43.1-1.el9_8.aarch64.rpm SHA-256: b31b7db1f99cbaf1678debd03f1f8ebfde7496f10941858826027cab8b35ac49
buildah-debuginfo-1.43.1-1.el9_8.aarch64.rpm SHA-256: ed5aab0f269eeaa004e1580a639aafdcf6dc62eb3eefd08cad35ebd2180badd8
buildah-debugsource-1.43.1-1.el9_8.aarch64.rpm SHA-256: cb4543c4024d92b32450986a60fcac5247ebee8e3b4030424fece2f4247fe4bd
buildah-tests-1.43.1-1.el9_8.aarch64.rpm SHA-256: 18a0a1cc48b9c0da4c8b34d950537372be5b03c8854147dffdda5dd538fc0888
buildah-tests-debuginfo-1.43.1-1.el9_8.aarch64.rpm SHA-256: cb770ce23e620ca77c3df8d6b1f771e6c563d91c0fadc51d29f37062c92803ba

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
s390x
buildah-1.43.1-1.el9_8.s390x.rpm SHA-256: c5d246d30dfa21ee2874a15f02d5c01a6b9e1badd4e25fd80493c5737b4e747b
buildah-debuginfo-1.43.1-1.el9_8.s390x.rpm SHA-256: 56e42e4980897738cfd9f5a9d809a55c646314c12608643a927a70f27a4b9ffb
buildah-debugsource-1.43.1-1.el9_8.s390x.rpm SHA-256: e80ce8b9b5fe1a2ed8b2076c78233cd8bdefa1e0b48d3c17ce6dc750b9394bc7
buildah-tests-1.43.1-1.el9_8.s390x.rpm SHA-256: 6b72684b06e94f57cc3e6f5e23c06f5c2021aa09babb14aa45f19102a6ca4ac2
buildah-tests-debuginfo-1.43.1-1.el9_8.s390x.rpm SHA-256: 9cd7f9e319e538b40cc11600a0e7ea7f78f35d93268e865fdb6eb261052cd056

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
x86_64
buildah-1.43.1-1.el9_8.x86_64.rpm SHA-256: d2c03940ff56a689374f101055d532919599197f28a580c29fe5dd91fdce368b
buildah-debuginfo-1.43.1-1.el9_8.x86_64.rpm SHA-256: 6b1f1733972cd22eecb9789cdea58cb50f902124de0b95016320a8c1ed305700
buildah-debugsource-1.43.1-1.el9_8.x86_64.rpm SHA-256: 60fc3e95df0285be6534c479ddb782367b11f365df2f8e2a8ba3c2ab29b3cd3f
buildah-tests-1.43.1-1.el9_8.x86_64.rpm SHA-256: 7e5acd2fd64f972d032cf362314d8eed0ce8ba61ffe19b8c158e02a6ed53e198
buildah-tests-debuginfo-1.43.1-1.el9_8.x86_64.rpm SHA-256: b0e108523431867d636e51de3068c2454e07afc356e517157d311b7804007cd7

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
aarch64
buildah-1.43.1-1.el9_8.aarch64.rpm SHA-256: b31b7db1f99cbaf1678debd03f1f8ebfde7496f10941858826027cab8b35ac49
buildah-debuginfo-1.43.1-1.el9_8.aarch64.rpm SHA-256: ed5aab0f269eeaa004e1580a639aafdcf6dc62eb3eefd08cad35ebd2180badd8
buildah-debugsource-1.43.1-1.el9_8.aarch64.rpm SHA-256: cb4543c4024d92b32450986a60fcac5247ebee8e3b4030424fece2f4247fe4bd
buildah-tests-1.43.1-1.el9_8.aarch64.rpm SHA-256: 18a0a1cc48b9c0da4c8b34d950537372be5b03c8854147dffdda5dd538fc0888
buildah-tests-debuginfo-1.43.1-1.el9_8.aarch64.rpm SHA-256: cb770ce23e620ca77c3df8d6b1f771e6c563d91c0fadc51d29f37062c92803ba

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
ppc64le
buildah-1.43.1-1.el9_8.ppc64le.rpm SHA-256: c8c8486f5e180c9c11dd853a6be1ab191d3a5bdf9406654b2dadf3f9b7bf9316
buildah-debuginfo-1.43.1-1.el9_8.ppc64le.rpm SHA-256: 8d0eff9c0bdc71239a4caa0f112d65e69534f48f3680cab6f5a7c7159d1600e7
buildah-debugsource-1.43.1-1.el9_8.ppc64le.rpm SHA-256: e00cc502bdf8e5ebe950ba540d55a1a37a3e515c785041b7fe9e0e6feb2f72a7
buildah-tests-1.43.1-1.el9_8.ppc64le.rpm SHA-256: cf3f6a93214fcba42c6105506d50cc9dc9a778e12da7a727e6e98deba3b70d8d
buildah-tests-debuginfo-1.43.1-1.el9_8.ppc64le.rpm SHA-256: 0615704470f0da00a51ba18eb21f603dcf77413eed78fbe9636990eccbd23270

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8

SRPM
buildah-1.43.1-1.el9_8.src.rpm SHA-256: 94246651fde4833711005128cfcc421df6e58a2225d59aea03f91f5623f208c4
s390x
buildah-1.43.1-1.el9_8.s390x.rpm SHA-256: c5d246d30dfa21ee2874a15f02d5c01a6b9e1badd4e25fd80493c5737b4e747b
buildah-debuginfo-1.43.1-1.el9_8.s390x.rpm SHA-256: 56e42e4980897738cfd9f5a9d809a55c646314c12608643a927a70f27a4b9ffb
buildah-debugsource-1.43.1-1.el9_8.s390x.rpm SHA-256: e80ce8b9b5fe1a2ed8b2076c78233cd8bdefa1e0b48d3c17ce6dc750b9394bc7
buildah-tests-1.43.1-1.el9_8.s390x.rpm SHA-256: 6b72684b06e94f57cc3e6f5e23c06f5c2021aa09babb14aa45f19102a6ca4ac2
buildah-tests-debuginfo-1.43.1-1.el9_8.s390x.rpm SHA-256: 9cd7f9e319e538b40cc11600a0e7ea7f78f35d93268e865fdb6eb261052cd056

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.