Red Hat Product Errata RHSA-2026:20569 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20569 - Security Advisory Overview Updated Packages Synopsis Important: buildah security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for buildah is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986) crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281) crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283) crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2455470 - CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object BZ - 2456333 - CVE-2026-32281 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages BZ - 2456339 - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVEs CVE-2026-32280 CVE-2026-32281 CVE-2026-32283 CVE-2026-34986 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM buildah-1.39.9-1.el10_0.src.rpm SHA-256: 582dd002e72dbdcd345212c0c8c2bd0d33bea5f15e93e696af094a04058d58ba x86_64 buildah-1.39.9-1.el10_0.x86_64.rpm SHA-256: ef61e03b971ebe216e16f9ef584be3545ae05640beac4d47bc48e03ac14836c1 buildah-debuginfo-1.39.9-1.el10_0.x86_64.rpm SHA-256: 952a55ae9bf2b206cdee6cfdc6714ea737f73cb457eeac2bcbb746f81af400a7 buildah-debugsource-1.39.9-1.el10_0.x86_64.rpm SHA-256: 31b514b28fa723ffce16d9a373b9165aeea33391c04ead74d2384a3dedbd291c buildah-tests-1.39.9-1.el10_0.x86_64.rpm SHA-256: 6855998b600b4d0722572e6c9c1ffb19c281efa18a093a90217bdc1aaeabfd37 buildah-tests-debuginfo-1.39.9-1.el10_0.x86_64.rpm SHA-256: a9845ce51bfbcdb683bf97f19c9d86b35d53868b8424ba7525015aeeac9d0646 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM buildah-1.39.9-1.el10_0.src.rpm SHA-256: 582dd002e72dbdcd345212c0c8c2bd0d33bea5f15e93e696af094a04058d58ba s390x buildah-1.39.9-1.el10_0.s390x.rpm SHA-256: ec09c28e13dd564be684023254adca7ab9379a37033404395d7d01d65913a366 buildah-debuginfo-1.39.9-1.el10_0.s390x.rpm SHA-256: f0052905eef846fcdccff299294a563d96e5a04d07af4e9e09bcc47665c7bff2 buildah-debugsource-1.39.9-1.el10_0.s390x.rpm SHA-256: f7d24763a9b6e7090459f856c79e8892c8adacff6e34969cfa02a7673c5adc41 buildah-tests-1.39.9-1.el10_0.s390x.rpm SHA-256: 0d1f8cca589e472a637edd963d5aec9546461619c40b5b3feae40ad3c0d13f0e buildah-tests-debuginfo-1.39.9-1.el10_0.s390x.rpm SHA-256: 9f9c0610bdfbd451360d7c7376f1481a8d76ab3b16a92945b7c051ffa00f9311 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM buildah-1.39.9-1.el10_0.src.rpm SHA-256: 582dd002e72dbdcd345212c0c8c2bd0d33bea5f15e93e696af094a04058d58ba ppc64le buildah-1.39.9-1.el10_0.ppc64le.rpm SHA-256: 195ae8a3edaa84920950433c0872d7969b92b04e977493d81525b52154d5c35f buildah-debuginfo-1.39.9-1.el10_0.ppc64le.rpm SHA-256: 74604beb7a05aac6054c435b19db4746981e8e7b56171ec5ef873d9e23468ec5 buildah-debugsource-1.39.9-1.el10_0.ppc64le.rpm SHA-256: 590bca3d72d124ada27dd62b25366135316f46882326f106f3e3a75c992972db buildah-tests-1.39.9-1.el10_0.ppc64le.rpm SHA-256: 9f326b3925cd5d13cbd6466a27a1695332fc923d9794aadea0968cd20e355cca buildah-tests-debuginfo-1.39.9-1.el10_0.ppc64le.rpm SHA-256: c323a8971c2626954fe56ca1eb3595f4340362ab2290ae02db41751942a621d6 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM buildah-1.39.9-1.el10_0.src.rpm SHA-256: 582dd002e72dbdcd345212c0c8c2bd0d33bea5f15e93e696af094a04058d58ba aarch64 buildah-1.39.9-1.el10_0.aarch64.rpm SHA-256: 65ac27092be7e2ead3fdb6855bd0016eb0421c8fe619f6a080745a1c0fa35c14 buildah-debuginfo-1.39.9-1.el10_0.aarch64.rpm SHA-256: 9a55639d545835d0ac929ada93bf0971f29c0748acb055f8c6c1112d8b853c9e buildah-debugsource-1.39.9-1.el10_0.aarch64.rpm SHA-256: 94f72ce526348d61adffb702df4abe5addeac62ab5e204ffba1771aafb05b789 buildah-tests-1.39.9-1.el10_0.aarch64.rpm SHA-256: 9ac906159ac1659c9e16cfacd6d3c76a9919ad6064dea7bceff51bfbb7c6699e buildah-tests-debuginfo-1.39.9-1.el10_0.aarch64.rpm SHA-256: a947b46dd607580bd02b675c5c058f11b936a9852576136ad8a4b7cda3c73186 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM buildah-1.39.9-1.el10_0.src.rpm SHA-256: 582dd002e72dbdcd345212c0c8c2bd0d33bea5f15e93e696af094a04058d58ba aarch64 buildah-1.39.9-1.el10_0.aarch64.rpm SHA-256: 65ac27092be7e2ead3fdb6855bd0016eb0421c8fe619f6a080745a1c0fa35c14 buildah-debuginfo-1.39.9-1.el10_0.aarch64.rpm SHA-256: 9a55639d545835d0ac929ada93bf0971f29c0748acb055f8c6c1112d8b853c9e buildah-debugsource-1.39.9-1.el10_0.aarch64.rpm SHA-256: 94f72ce526348d61adffb702df4abe5addeac62ab5e204ffba1771aafb05b789 buildah-tests-1.39.9-1.el10_0.aarch64.rpm SHA-256: 9ac906159ac1659c9e16cfacd6d3c76a9919ad6064dea7bceff51bfbb7c6699e buildah-tests-debuginfo-1.39.9-1.el10_0.aarch64.rpm SHA-256: a947b46dd607580bd02b675c5c058f11b936a9852576136ad8a4b7cda3c73186 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM buildah-1.39.9-1.el10_0.src.rpm SHA-256: 582dd002e72dbdcd345212c0c8c2bd0d33bea5f15e93e696af094a04058d58ba s390x buildah-1.39.9-1.el10_0.s390x.rpm SHA-256: ec09c28e13dd564be684023254adca7ab9379a37033404395d7d01d65913a366 buildah-debuginfo-1.39.9-1.el10_0.s390x.rpm SHA-256: f0052905eef846fcdccff299294a563d96e5a04d07af4e9e09bcc47665c7bff2 buildah-debugsource-1.39.9-1.el10_0.s390x.rpm SHA-256: f7d24763a9b6e7090459f856c79e8892c8adacff6e34969cfa02a7673c5adc41 buildah-tests-1.39.9-1.el10_0.s390x.rpm SHA-256: 0d1f8cca589e472a637edd963d5aec9546461619c40b5b3feae40ad3c0d13f0e buildah-tests-debuginfo-1.39.9-1.el10_0.s390x.rpm SHA-256: 9f9c0610bdfbd451360d7c7376f1481a8d76ab3b16a92945b7c051ffa00f9311 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM buildah-1.39.9-1.el10_0.src.rpm SHA-256: 582dd002e72dbdcd345212c0c8c2bd0d33bea5f15e93e696af094a04058d58ba ppc64le buildah-1.39.9-1.el10_0.ppc64le.rpm SHA-256: 195ae8a3edaa84920950433c0872d7969b92b04e977493d81525b52154d5c35f buildah-debuginfo-1.39.9-1.el10_0.ppc64le.rpm SHA-256: 74604beb7a05aac6054c435b19db4746981e8e7b56171ec5ef873d9e23468ec5 buildah-debugsource-1.39.9-1.el10_0.ppc64le.rpm SHA-256: 590bca3d72d124ada27dd62b25366135316f46882326f106f3e3a75c992972db buildah-tests-1.39.9-1.el10_0.ppc64le.rpm SHA-256: 9f326b3925cd5d13cbd6466a27a1695332fc923d9794aadea0968cd20e355cca buildah-tests-debuginfo-1.39.9-1.el10_0.ppc64le.rpm SHA-256: c323a8971c2626954fe56ca1eb3595f4340362ab2290ae02db41751942a621d6 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM buildah-1.39.9-1.el10_0.src.rpm SHA-256: 582dd002e72dbdcd345212c0c8c2bd0d33bea5f15e93e696af094a04058d58ba x86_64 buildah-1.39.9-1.el10_0.x86_64.rpm SHA-256: ef61e03b971ebe216e16f9ef584be3545ae05640beac4d47bc48e03ac14836c1 buildah-debuginfo-1.39.9-1.el10_0.x86_64.rpm SHA-256: 952a55ae9bf2b206cdee6cfdc6714ea737f73cb457eeac2bcbb746f81af400a7 buildah-debugsource-1.39.9-1.el10_0.x86_64.rpm SHA-256: 31b514b28fa723ffce16d9a373b9165aeea33391c04ead74d2384a3dedbd291c buildah-tests-1.39.9-1.el10_0.x86_64.rpm SHA-256: 6855998b600b4d0722572e6c9c1ffb19c281efa18a093a90217bdc1aaeabfd37 buildah-tests-debuginfo-1.39.9-1.el10_0.x86_64.rpm SHA-256: a9845ce51bfbcdb683bf97f19c9d86b35d53868b8424ba7525015aeeac9d0646 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .