Fedora Account System
Red Hat Associate
Red Hat Customer
When adding a key to a remote agent constraint extensions such as restrict-destination-v00 were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:35833 https://access.redhat.com/errata/RHSA-2026:35833
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:36199 https://access.redhat.com/errata/RHSA-2026:36199
This issue has been addressed in the following products: RHEM 1.0 for RHEL 9 Via RHSA-2026:36796 https://access.redhat.com/errata/RHSA-2026:36796
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:37072 https://access.redhat.com/errata/RHSA-2026:37072
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:37123 https://access.redhat.com/errata/RHSA-2026:37123
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:37410 https://access.redhat.com/errata/RHSA-2026:37410