[Apollo] Advisories Statistics light light Login

RLSA-2025:23664

Security Mirrored from RHSA-2025:23664
Issued at: 2025-12-20
Updated at: 2025-12-29

Synopsis

Important: opentelemetry-collector security update



Description

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry

Security Fix(es):

* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2422891

CVEs

CVE-2025-68156

Affected packages

Rocky Linux 10 aarch64 - AppStream

opentelemetry-collector-0:0.135.0-2.el10_1.aarch64.rpm opentelemetry-collector-0:0.135.0-2.el10_1.src.rpm

Rocky Linux 10 ppc64le - AppStream

opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le.rpm opentelemetry-collector-0:0.135.0-2.el10_1.src.rpm

Rocky Linux 10 s390x - AppStream

opentelemetry-collector-0:0.135.0-2.el10_1.s390x.rpm opentelemetry-collector-0:0.135.0-2.el10_1.src.rpm

Rocky Linux 10 x86_64 - AppStream

opentelemetry-collector-0:0.135.0-2.el10_1.src.rpm opentelemetry-collector-0:0.135.0-2.el10_1.x86_64.rpm