Synopsis
Important: opentelemetry-collector security update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Collector with the supported components for a Red Hat build of OpenTelemetry
Security Fix(es):
- golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
- crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 10 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 10 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
-
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
-
Red Hat Enterprise Linux for ARM 64 10 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
-
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
-
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
-
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
-
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
-
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x
Fixes
-
BZ - 2434432
- CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
-
BZ - 2437111
- CVE-2025-68121 crypto/tls: Unexpected session resumption in crypto/tls
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 10
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| x86_64 |
|
opentelemetry-collector-0.144.0-1.el10_1.x86_64.rpm
|
SHA-256: 690b774f44ec1460bfcfa706ac4c5e20cc83435a718f2abe54261fbd18878132 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| x86_64 |
|
opentelemetry-collector-0.144.0-1.el10_1.x86_64.rpm
|
SHA-256: 690b774f44ec1460bfcfa706ac4c5e20cc83435a718f2abe54261fbd18878132 |
Red Hat Enterprise Linux for IBM z Systems 10
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| s390x |
|
opentelemetry-collector-0.144.0-1.el10_1.s390x.rpm
|
SHA-256: 3c464fc3af319c5d9f6cc64ac15757794367948f6f079cb4f928b7322e51fca3 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| s390x |
|
opentelemetry-collector-0.144.0-1.el10_1.s390x.rpm
|
SHA-256: 3c464fc3af319c5d9f6cc64ac15757794367948f6f079cb4f928b7322e51fca3 |
Red Hat Enterprise Linux for Power, little endian 10
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| ppc64le |
|
opentelemetry-collector-0.144.0-1.el10_1.ppc64le.rpm
|
SHA-256: 504cb99a8bda6a92b41b1106b38646e5df75a1657b4eeee8b78c690ac5fc0d36 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| ppc64le |
|
opentelemetry-collector-0.144.0-1.el10_1.ppc64le.rpm
|
SHA-256: 504cb99a8bda6a92b41b1106b38646e5df75a1657b4eeee8b78c690ac5fc0d36 |
Red Hat Enterprise Linux for ARM 64 10
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| aarch64 |
|
opentelemetry-collector-0.144.0-1.el10_1.aarch64.rpm
|
SHA-256: e1fb538cba321ad068e3a5723898c414cca897d95d22cba9b9af344aa8f2b2b2 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| aarch64 |
|
opentelemetry-collector-0.144.0-1.el10_1.aarch64.rpm
|
SHA-256: e1fb538cba321ad068e3a5723898c414cca897d95d22cba9b9af344aa8f2b2b2 |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| aarch64 |
|
opentelemetry-collector-0.144.0-1.el10_1.aarch64.rpm
|
SHA-256: e1fb538cba321ad068e3a5723898c414cca897d95d22cba9b9af344aa8f2b2b2 |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| s390x |
|
opentelemetry-collector-0.144.0-1.el10_1.s390x.rpm
|
SHA-256: 3c464fc3af319c5d9f6cc64ac15757794367948f6f079cb4f928b7322e51fca3 |
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| ppc64le |
|
opentelemetry-collector-0.144.0-1.el10_1.ppc64le.rpm
|
SHA-256: 504cb99a8bda6a92b41b1106b38646e5df75a1657b4eeee8b78c690ac5fc0d36 |
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| x86_64 |
|
opentelemetry-collector-0.144.0-1.el10_1.x86_64.rpm
|
SHA-256: 690b774f44ec1460bfcfa706ac4c5e20cc83435a718f2abe54261fbd18878132 |
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| x86_64 |
|
opentelemetry-collector-0.144.0-1.el10_1.x86_64.rpm
|
SHA-256: 690b774f44ec1460bfcfa706ac4c5e20cc83435a718f2abe54261fbd18878132 |
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| aarch64 |
|
opentelemetry-collector-0.144.0-1.el10_1.aarch64.rpm
|
SHA-256: e1fb538cba321ad068e3a5723898c414cca897d95d22cba9b9af344aa8f2b2b2 |
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| ppc64le |
|
opentelemetry-collector-0.144.0-1.el10_1.ppc64le.rpm
|
SHA-256: 504cb99a8bda6a92b41b1106b38646e5df75a1657b4eeee8b78c690ac5fc0d36 |
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2
| SRPM |
|
opentelemetry-collector-0.144.0-1.el10_1.src.rpm
|
SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882 |
| s390x |
|
opentelemetry-collector-0.144.0-1.el10_1.s390x.rpm
|
SHA-256: 3c464fc3af319c5d9f6cc64ac15757794367948f6f079cb4f928b7322e51fca3 |
