RHSA-2026:14162 | High | CVSS 7.8
Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.3 release
🔗 CVE IDs covered (5)
📋 Description
- CVE-2026-4878 — libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()
- CVE-2026-29111 — systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data
- CVE-2026-32280 — crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
- CVE-2026-32283 — crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
- CVE-2026-41602 — github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation
🔗 References (9)
- self: https://access.redhat.com/errata/RHSA-2026:14162
- external: https://access.redhat.com/security/cve/CVE-2026-29111
- external: https://access.redhat.com/security/cve/CVE-2026-32280
- external: https://access.redhat.com/security/cve/CVE-2026-32283
- external: https://access.redhat.com/security/cve/CVE-2026-41602
- external: https://access.redhat.com/security/cve/CVE-2026-4878
- external: https://access.redhat.com/security/updates/classification/
- external: https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_14162.json