Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:25180 - Security Advisory
Issued:
2026-06-17
Updated:
2026-06-17

RHSA-2026:25180 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: OpenShift Container Platform 4.18.44 packages and security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.18.44 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.18.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.18.44. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2026:25182

Security Fix(es):

  • net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
  • crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.

Solution

For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/

Affected Products

  • Red Hat OpenShift Container Platform 4.18 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 8 aarch64

Fixes

  • BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url
  • BZ - 2456339 - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

CVEs

  • CVE-2026-25679
  • CVE-2026-32280

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 4.18 for RHEL 9

SRPM
kata-containers-3.25.0-6.rhaos4.18.el9.src.rpm SHA-256: e4f0d3a448a3cd54e31a9b4bf76df8e6909fe237e5ac151867fccf50f50b4f00
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el9.src.rpm SHA-256: e49f37175c7441b9dd516fc25c8da6c0ffa782f628e7771f88057fbd00c99f33
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el9.src.rpm SHA-256: 12b418eb3c7b10844da90cb502d355771e98d6ca8b14e383fe5b99aeca1ac98f
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el9.src.rpm SHA-256: 5201ed27d0e3945b53ed9ef5bd64a5bf51e27c565257c58fd6740dd7b758223f
x86_64
kata-containers-3.25.0-6.rhaos4.18.el9.x86_64.rpm SHA-256: c1a6f7053a4381e7f56db53d5d66f49f251d5c780526c27c77c0940fc43c4e01
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el9.x86_64.rpm SHA-256: ea5acb04c393a4237d9cc5d1181d0037670701a50eaa51b4053981921e5dc8bc
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el9.x86_64.rpm SHA-256: 9f01296c529e4704d7b7b28bb5de372cbc66c6b51436047d1c6bb61b6bf3b098
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el9.x86_64.rpm SHA-256: a25302bb928e4fb4ca198a75650be1284647ead68e7f06f1f7135bff8a88f68e

Red Hat OpenShift Container Platform 4.18 for RHEL 8

SRPM
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el8.src.rpm SHA-256: 6c3cbf605a06e75f2da929b5ca9f4994b72c6a1e4c76362478ff2d1e6a2beaeb
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el8.src.rpm SHA-256: 8cdbe92b40a68f79811b01935289874cbd609a861dcd4823b79136357722f2c9
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el8.src.rpm SHA-256: e376e5e5a7d7c3b947b1c94a686647137d9f2babf54d8de5cfc58748880f100f
x86_64
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el8.x86_64.rpm SHA-256: c0b7affa721cac29067c50270f274a5e83666426eeee69ff5dea154ce0901e4b
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el8.x86_64.rpm SHA-256: 008abe12c78f947973df1a297bd623bfc514ca2fe32d94057cba6d44faae146d
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el8.x86_64.rpm SHA-256: 5e9ade18df3cb047184f929903b95f606d81ee54836d34830ff4b0bd302722d9

Red Hat OpenShift Container Platform for Power 4.18 for RHEL 9

SRPM
kata-containers-3.25.0-6.rhaos4.18.el9.src.rpm SHA-256: e4f0d3a448a3cd54e31a9b4bf76df8e6909fe237e5ac151867fccf50f50b4f00
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el9.src.rpm SHA-256: e49f37175c7441b9dd516fc25c8da6c0ffa782f628e7771f88057fbd00c99f33
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el9.src.rpm SHA-256: 12b418eb3c7b10844da90cb502d355771e98d6ca8b14e383fe5b99aeca1ac98f
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el9.src.rpm SHA-256: 5201ed27d0e3945b53ed9ef5bd64a5bf51e27c565257c58fd6740dd7b758223f
ppc64le
kata-containers-3.25.0-6.rhaos4.18.el9.ppc64le.rpm SHA-256: fb3e696f1715a6bead865f2061c892953ddb542666a6a36ca062d53ccc4b49c5
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el9.ppc64le.rpm SHA-256: d2cecb8dd2c4bdc500ca5142b01130d2b05d0c7d369844a683f045276034e8d0
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el9.ppc64le.rpm SHA-256: 215379dc6dfa5e011cb0677e95bcbe040cb85b2d5a968a4687837649ad906903
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el9.ppc64le.rpm SHA-256: 2be6706b7011738752fe1f0ae348e035dfb132599a6ec0daa3dc0a9f26bec8d7

Red Hat OpenShift Container Platform for Power 4.18 for RHEL 8

SRPM
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el8.src.rpm SHA-256: 6c3cbf605a06e75f2da929b5ca9f4994b72c6a1e4c76362478ff2d1e6a2beaeb
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el8.src.rpm SHA-256: 8cdbe92b40a68f79811b01935289874cbd609a861dcd4823b79136357722f2c9
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el8.src.rpm SHA-256: e376e5e5a7d7c3b947b1c94a686647137d9f2babf54d8de5cfc58748880f100f
ppc64le
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el8.ppc64le.rpm SHA-256: 0790b04fc592bce8c526f8021498c0c05199543c44dfed08fce71e3ed96685a6
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el8.ppc64le.rpm SHA-256: 1dcf1adb86f04f1c5973c4e45b6996e463aa7dab7a6e6a1270944035790cc574
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el8.ppc64le.rpm SHA-256: ab80cfd9c2e0343860124d3e021c9e7d9593b48d77f1ebbab1c76be5ac7cd8d4

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 9

SRPM
kata-containers-3.25.0-6.rhaos4.18.el9.src.rpm SHA-256: e4f0d3a448a3cd54e31a9b4bf76df8e6909fe237e5ac151867fccf50f50b4f00
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el9.src.rpm SHA-256: e49f37175c7441b9dd516fc25c8da6c0ffa782f628e7771f88057fbd00c99f33
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el9.src.rpm SHA-256: 12b418eb3c7b10844da90cb502d355771e98d6ca8b14e383fe5b99aeca1ac98f
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el9.src.rpm SHA-256: 5201ed27d0e3945b53ed9ef5bd64a5bf51e27c565257c58fd6740dd7b758223f
s390x
kata-containers-3.25.0-6.rhaos4.18.el9.s390x.rpm SHA-256: 26962810e9d44ee46072f54cadda490d29b2106a8966a363d885950605fe142b
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el9.s390x.rpm SHA-256: ce76ce5d834e15285c72fd1c355d7d3e7e4ea268afd2f3078fc796badc713c61
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el9.s390x.rpm SHA-256: 7b85cbff381e42589b4a2bebc7e0416c806fe3a8498204eebd4c1396a30bb44f
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el9.s390x.rpm SHA-256: fc32bc7ba64b1c38201144dd43df5dc6dc92d1d275fb428c76cc85fcae7c77d2

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 8

SRPM
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el8.src.rpm SHA-256: 6c3cbf605a06e75f2da929b5ca9f4994b72c6a1e4c76362478ff2d1e6a2beaeb
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el8.src.rpm SHA-256: 8cdbe92b40a68f79811b01935289874cbd609a861dcd4823b79136357722f2c9
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el8.src.rpm SHA-256: e376e5e5a7d7c3b947b1c94a686647137d9f2babf54d8de5cfc58748880f100f
s390x
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el8.s390x.rpm SHA-256: b89c3e91c8a994f71f61cb9c69c81ab532bfe2d0fb06b61cef4cc102e46473bc
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el8.s390x.rpm SHA-256: dcdc718a7bb32a4325cb6cdbc13869a2a320b8969484e2719f14f4b39b33e915
ose-gcp-gcr-image-credential-provider-4.18.0-202606021914.p2.g6ea2356.assembly.stream.el8.s390x.rpm SHA-256: 657e13e4b6f58150e94e75e6d672614b200f62f1c25febd9ef521866b128f467

Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 9

SRPM
kata-containers-3.25.0-6.rhaos4.18.el9.src.rpm SHA-256: e4f0d3a448a3cd54e31a9b4bf76df8e6909fe237e5ac151867fccf50f50b4f00
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el9.src.rpm SHA-256: e49f37175c7441b9dd516fc25c8da6c0ffa782f628e7771f88057fbd00c99f33
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el9.src.rpm SHA-256: 12b418eb3c7b10844da90cb502d355771e98d6ca8b14e383fe5b99aeca1ac98f
aarch64
kata-containers-3.25.0-6.rhaos4.18.el9.aarch64.rpm SHA-256: 605ae24a542bb7a8eb90019ad988693590e0ce5c076b2ba48ec881009a38d6de
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el9.aarch64.rpm SHA-256: fb14aceef714ca3fe0a675dff87ef8f153d0e4a22ca9c02b2a442d34249c2ad0
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el9.aarch64.rpm SHA-256: 1c3e63c9a845c631b3e1098459d041010385084c1ce52581d7be7531fd009691

Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 8

SRPM
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el8.src.rpm SHA-256: 6c3cbf605a06e75f2da929b5ca9f4994b72c6a1e4c76362478ff2d1e6a2beaeb
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el8.src.rpm SHA-256: 8cdbe92b40a68f79811b01935289874cbd609a861dcd4823b79136357722f2c9
aarch64
ose-aws-ecr-image-credential-provider-4.18.0-202606021914.p2.gc395190.assembly.stream.el8.aarch64.rpm SHA-256: 122a156ffe6704b15eb1201e4cd3e390277a4ebadb2e56bfd492c7bae2f01ab1
ose-azure-acr-image-credential-provider-4.18.0-202606021914.p2.g9c24d76.assembly.stream.el8.aarch64.rpm SHA-256: b457e165eb705724cc18e988ac541f9fc1d7518ac233f6b65fcce9316bb77c37

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility