Red Hat Product Errata RHSA-2026:4901 - Security Advisory
Issued:
2026-03-18
Updated:
2026-03-18

RHSA-2026:4901 - Security Advisory

Synopsis

Important: rhc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rhc is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.

Security Fix(es):

  • crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
  • golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
  • BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
  • BZ - 2437111 - CVE-2025-68121 crypto/tls: Unexpected session resumption in crypto/tls

Red Hat Enterprise Linux for x86_64 9

SRPM
rhc-0.2.7-2.el9_7.src.rpm SHA-256: e54b79573cb288b4facba4e850d0bf08fb2be6411c6727d4c33b385da0cb02f2
x86_64
rhc-0.2.7-2.el9_7.x86_64.rpm SHA-256: 8eb5a0ccb807800ededc796cda3056eaa28be4ea9eb433bdc1b09508c2367ba3
rhc-debuginfo-0.2.7-2.el9_7.x86_64.rpm SHA-256: 3d183b7cbb25ca189f9386056836ff18d771035dbaf6e6befac5a8d730b9e1b8
rhc-debugsource-0.2.7-2.el9_7.x86_64.rpm SHA-256: 2948175e52b8093de6dc24802bcef9572d24da49fceb37290efd841ec7ff801e

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
rhc-0.2.7-2.el9_7.src.rpm SHA-256: e54b79573cb288b4facba4e850d0bf08fb2be6411c6727d4c33b385da0cb02f2
s390x
rhc-0.2.7-2.el9_7.s390x.rpm SHA-256: 713e3a58307114d93ecc5d7d4839667d451f79b04c2b49c76831d81250844ebe
rhc-debuginfo-0.2.7-2.el9_7.s390x.rpm SHA-256: d26649cd6407e61d6c23511088d66cdd0c462d644cc827804153e73d7d2f1a7c
rhc-debugsource-0.2.7-2.el9_7.s390x.rpm SHA-256: ff3d2f048cacde50d06fa6e7b1571ab27904f81d5f242ba80d870fcbb429ff90

Red Hat Enterprise Linux for Power, little endian 9

SRPM
rhc-0.2.7-2.el9_7.src.rpm SHA-256: e54b79573cb288b4facba4e850d0bf08fb2be6411c6727d4c33b385da0cb02f2
ppc64le
rhc-0.2.7-2.el9_7.ppc64le.rpm SHA-256: 66895c6f4ae66a8e91f5b998bc59f2ae2e88db8697902830f1601aa8dd2e17df
rhc-debuginfo-0.2.7-2.el9_7.ppc64le.rpm SHA-256: 76ce11f0d87b2593a5abf706b738c1df269751b5705dfc19eed6dd6a5140ca26
rhc-debugsource-0.2.7-2.el9_7.ppc64le.rpm SHA-256: d70a6b6cfbe008fabf51551ee128160408d7bcd9aff621ac5926ef6bfa9d6a4c

Red Hat Enterprise Linux for ARM 64 9

SRPM
rhc-0.2.7-2.el9_7.src.rpm SHA-256: e54b79573cb288b4facba4e850d0bf08fb2be6411c6727d4c33b385da0cb02f2
aarch64
rhc-0.2.7-2.el9_7.aarch64.rpm SHA-256: c481b3ed1477d49db58f0cc909745ef47297637aeb051cd1e6e7f8d9a9ba3d0b
rhc-debuginfo-0.2.7-2.el9_7.aarch64.rpm SHA-256: 6e884320369d36fbe9b34c8195a6a7aab37c52b77e518aa03ed57e53e60c576f
rhc-debugsource-0.2.7-2.el9_7.aarch64.rpm SHA-256: 2ffd41c3c2b104ac0e9b89aeca3addf082a1d541dc89e84912a60e64e667d1c3

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
rhc-debuginfo-0.2.7-2.el9_7.x86_64.rpm SHA-256: 3d183b7cbb25ca189f9386056836ff18d771035dbaf6e6befac5a8d730b9e1b8
rhc-debugsource-0.2.7-2.el9_7.x86_64.rpm SHA-256: 2948175e52b8093de6dc24802bcef9572d24da49fceb37290efd841ec7ff801e
rhc-devel-0.2.7-2.el9_7.x86_64.rpm SHA-256: 4441a843c89df1f8052295972b45be8460a8491e7846e28fe9bf45d5a04da4ef

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
ppc64le
rhc-debuginfo-0.2.7-2.el9_7.ppc64le.rpm SHA-256: 76ce11f0d87b2593a5abf706b738c1df269751b5705dfc19eed6dd6a5140ca26
rhc-debugsource-0.2.7-2.el9_7.ppc64le.rpm SHA-256: d70a6b6cfbe008fabf51551ee128160408d7bcd9aff621ac5926ef6bfa9d6a4c
rhc-devel-0.2.7-2.el9_7.ppc64le.rpm SHA-256: f96c8974e5554e6869cc6791fd8cea2ad57f215597ea83b69975e1e17b23522e

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
aarch64
rhc-debuginfo-0.2.7-2.el9_7.aarch64.rpm SHA-256: 6e884320369d36fbe9b34c8195a6a7aab37c52b77e518aa03ed57e53e60c576f
rhc-debugsource-0.2.7-2.el9_7.aarch64.rpm SHA-256: 2ffd41c3c2b104ac0e9b89aeca3addf082a1d541dc89e84912a60e64e667d1c3
rhc-devel-0.2.7-2.el9_7.aarch64.rpm SHA-256: f3ad3585089e79ef5cfc78ad080be1c32e0043c59d33434b643a284f54068a5b

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
s390x
rhc-debuginfo-0.2.7-2.el9_7.s390x.rpm SHA-256: d26649cd6407e61d6c23511088d66cdd0c462d644cc827804153e73d7d2f1a7c
rhc-debugsource-0.2.7-2.el9_7.s390x.rpm SHA-256: ff3d2f048cacde50d06fa6e7b1571ab27904f81d5f242ba80d870fcbb429ff90
rhc-devel-0.2.7-2.el9_7.s390x.rpm SHA-256: 05a43e47feccd0f335716c77b05b884b45cb116be3670086e0983b38b5a9e23c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.