Issued:: 2026-03-10
Updated:: 2026-03-10

RHSA-2026:4174 - Security Advisory

Overview
Updated Packages

Synopsis

Important: opentelemetry-collector security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Collector with the supported components for a Red Hat build of OpenTelemetry

Security Fix(es):

golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64

Fixes

BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
BZ - 2437111 - CVE-2025-68121 crypto/tls: Unexpected session resumption in crypto/tls

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 10

SRPM
opentelemetry-collector-0.144.0-1.el10_1.src.rpm	SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882
x86_64
opentelemetry-collector-0.144.0-1.el10_1.x86_64.rpm	SHA-256: 690b774f44ec1460bfcfa706ac4c5e20cc83435a718f2abe54261fbd18878132

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
opentelemetry-collector-0.144.0-1.el10_1.src.rpm	SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882
s390x
opentelemetry-collector-0.144.0-1.el10_1.s390x.rpm	SHA-256: 3c464fc3af319c5d9f6cc64ac15757794367948f6f079cb4f928b7322e51fca3

Red Hat Enterprise Linux for Power, little endian 10

SRPM
opentelemetry-collector-0.144.0-1.el10_1.src.rpm	SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882
ppc64le
opentelemetry-collector-0.144.0-1.el10_1.ppc64le.rpm	SHA-256: 504cb99a8bda6a92b41b1106b38646e5df75a1657b4eeee8b78c690ac5fc0d36

Red Hat Enterprise Linux for ARM 64 10

SRPM
opentelemetry-collector-0.144.0-1.el10_1.src.rpm	SHA-256: 9bbec2e4c582021977b7b5ab05cec79e72c3c61c083c62dc0f0a0563f5ec4882
aarch64
opentelemetry-collector-0.144.0-1.el10_1.aarch64.rpm	SHA-256: e1fb538cba321ad068e3a5723898c414cca897d95d22cba9b9af344aa8f2b2b2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation