Synopsis
Important: opentelemetry-collector security update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Collector with the supported components for a Red Hat build of OpenTelemetry
Security Fix(es):
- github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint (CVE-2026-42154)
- github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API (CVE-2026-42151)
- net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME (CVE-2026-33811)
- golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)
- golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting (CVE-2026-25681)
- crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (CVE-2026-27145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 9 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 9 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
-
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
-
Red Hat Enterprise Linux for ARM 64 9 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
-
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
-
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
-
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x
Fixes
-
BZ - 2466505
- CVE-2026-42154 github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint
-
BZ - 2466507
- CVE-2026-42151 github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API
-
BZ - 2467822
- CVE-2026-33811 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
-
BZ - 2480756
- CVE-2026-39821 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
-
BZ - 2480761
- CVE-2026-25681 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting
-
BZ - 2484207
- CVE-2026-27145 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 9
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| x86_64 |
|
opentelemetry-collector-0.152.1-1.el9_8.x86_64.rpm
|
SHA-256: 9e1c24e9b13c6fdba63a59be7c565231ffc6447e445d061d2065eeacbe3060a5 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| x86_64 |
|
opentelemetry-collector-0.152.1-1.el9_8.x86_64.rpm
|
SHA-256: 9e1c24e9b13c6fdba63a59be7c565231ffc6447e445d061d2065eeacbe3060a5 |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| s390x |
|
opentelemetry-collector-0.152.1-1.el9_8.s390x.rpm
|
SHA-256: e777bb67e8bda082ff2bfa24bb7119f406faeac5d7b2a97e39cb150463362032 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| s390x |
|
opentelemetry-collector-0.152.1-1.el9_8.s390x.rpm
|
SHA-256: e777bb67e8bda082ff2bfa24bb7119f406faeac5d7b2a97e39cb150463362032 |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| ppc64le |
|
opentelemetry-collector-0.152.1-1.el9_8.ppc64le.rpm
|
SHA-256: 6339599896129eef0920debb596a4241ef2da76cc2950871b4022b1976a69602 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| ppc64le |
|
opentelemetry-collector-0.152.1-1.el9_8.ppc64le.rpm
|
SHA-256: 6339599896129eef0920debb596a4241ef2da76cc2950871b4022b1976a69602 |
Red Hat Enterprise Linux for ARM 64 9
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| aarch64 |
|
opentelemetry-collector-0.152.1-1.el9_8.aarch64.rpm
|
SHA-256: 787f6896d00a54a214fce2910b355211ef45a083bb05e1e0bbb04ada336e4d30 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| aarch64 |
|
opentelemetry-collector-0.152.1-1.el9_8.aarch64.rpm
|
SHA-256: 787f6896d00a54a214fce2910b355211ef45a083bb05e1e0bbb04ada336e4d30 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| ppc64le |
|
opentelemetry-collector-0.152.1-1.el9_8.ppc64le.rpm
|
SHA-256: 6339599896129eef0920debb596a4241ef2da76cc2950871b4022b1976a69602 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| x86_64 |
|
opentelemetry-collector-0.152.1-1.el9_8.x86_64.rpm
|
SHA-256: 9e1c24e9b13c6fdba63a59be7c565231ffc6447e445d061d2065eeacbe3060a5 |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| aarch64 |
|
opentelemetry-collector-0.152.1-1.el9_8.aarch64.rpm
|
SHA-256: 787f6896d00a54a214fce2910b355211ef45a083bb05e1e0bbb04ada336e4d30 |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| s390x |
|
opentelemetry-collector-0.152.1-1.el9_8.s390x.rpm
|
SHA-256: e777bb67e8bda082ff2bfa24bb7119f406faeac5d7b2a97e39cb150463362032 |
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| x86_64 |
|
opentelemetry-collector-0.152.1-1.el9_8.x86_64.rpm
|
SHA-256: 9e1c24e9b13c6fdba63a59be7c565231ffc6447e445d061d2065eeacbe3060a5 |
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| aarch64 |
|
opentelemetry-collector-0.152.1-1.el9_8.aarch64.rpm
|
SHA-256: 787f6896d00a54a214fce2910b355211ef45a083bb05e1e0bbb04ada336e4d30 |
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| ppc64le |
|
opentelemetry-collector-0.152.1-1.el9_8.ppc64le.rpm
|
SHA-256: 6339599896129eef0920debb596a4241ef2da76cc2950871b4022b1976a69602 |
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8
| SRPM |
|
opentelemetry-collector-0.152.1-1.el9_8.src.rpm
|
SHA-256: 32964e73fc2334073dd9622d434ecffbccbc7e3fb7b3c22755cfc08df1892d3d |
| s390x |
|
opentelemetry-collector-0.152.1-1.el9_8.s390x.rpm
|
SHA-256: e777bb67e8bda082ff2bfa24bb7119f406faeac5d7b2a97e39cb150463362032 |