Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-39821 (GCVE-0-2026-39821)
Vulnerability from cvelistv5 – Published: 2026-05-22 15:01 – Updated: 2026-07-10 12:05- CWE-1289 - Improper Validation of Unsafe Equivalence in Input
| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/net | golang.org/x/net/idna |
Affected:
0 , < 0.55.0
(semver)
|
|
| Red Hat | Red Hat OpenShift Container Platform 4.22 |
cpe:/a:redhat:openshift:4.22::el8 cpe:/a:redhat:openshift:4.22::el9 |
|
| Red Hat | RHEM 1.0 for RHEL 9 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Cluster Observability Operator 1.5.0 |
cpe:/a:redhat:cluster_observability_operator:1.5::el9 |
|
| Red Hat | DevWorkspace Operator 0.42 |
cpe:/a:redhat:devworkspace:0.42::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.4 |
cpe:/a:redhat:logging:6.4::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.13 |
cpe:/a:redhat:acm:2.13::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.10 |
cpe:/a:redhat:advanced_cluster_security:4.10::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.11 |
cpe:/a:redhat:advanced_cluster_security:4.11::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 |
cpe:/a:redhat:advanced_cluster_security:4.9::el8 |
|
| Red Hat | Red Hat Edge Manager 1.0 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat Enterprise Linux AI 3.4 |
cpe:/a:redhat:enterprise_linux_ai:3.4::el9 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.4 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.29 |
cpe:/a:redhat:openshift_devspaces:3.29::el9 |
|
| Red Hat | Red Hat OpenShift GitOps 1.19 |
cpe:/a:redhat:openshift_gitops:1.19::el8 |
|
| Red Hat | Red Hat OpenShift GitOps 1.20 |
cpe:/a:redhat:openshift_gitops:1.20::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 2.6 |
cpe:/a:redhat:service_mesh:2.6::el8 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.1 |
cpe:/a:redhat:service_mesh:3.1::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.2 |
cpe:/a:redhat:service_mesh:3.2::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.3 |
cpe:/a:redhat:service_mesh:3.3::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3.0::el9 |
|
| Red Hat | Red Hat Openshift Data Foundation 4.22 |
cpe:/a:redhat:openshift_data_foundation:4.22::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.4 |
cpe:/a:redhat:trusted_artifact_signer:1.4::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.6 |
cpe:/a:redhat:multicluster_engine:2.6::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.8 |
cpe:/a:redhat:multicluster_engine:2.8::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.9 |
cpe:/a:redhat:multicluster_engine:2.9::el9 |
|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 |
cpe:/a:redhat:assisted_installer:2 |
|
| Red Hat | cert-manager Operator for Red Hat OpenShift |
cpe:/a:redhat:cert_manager:1 |
|
| Red Hat | Compliance Operator |
cpe:/a:redhat:openshift_compliance_operator:1 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Deployment Validation Operator |
cpe:/a:redhat:deployment_validator_operator |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | Fence Agents Remediation Operator |
cpe:/a:redhat:workload_availability_far:0 |
|
| Red Hat | File Integrity Operator |
cpe:/a:redhat:openshift_file_integrity_operator:1 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Logical Volume Manager Storage |
cpe:/a:redhat:lvms:4 |
|
| Red Hat | Machine Deletion Remediation Operator |
cpe:/a:redhat:workload_availability_mdr:0 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | Multiarch Tuning Operator |
cpe:/a:redhat:multiarch_tuning_operator |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Multicluster Global Hub |
cpe:/a:redhat:multicluster_globalhub |
|
| Red Hat | Network Observability Operator |
cpe:/a:redhat:network_observ_optr:1 |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | OpenShift API for Data Protection |
cpe:/a:redhat:openshift_api_data_protection:1 |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Power monitoring for Red Hat OpenShift |
cpe:/a:redhat:openshift_power_monitoring |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat Ceph Storage 5 |
cpe:/a:redhat:ceph_storage:5 |
|
| Red Hat | Red Hat Ceph Storage 6 |
cpe:/a:redhat:ceph_storage:6 |
|
| Red Hat | Red Hat Ceph Storage 8 |
cpe:/a:redhat:ceph_storage:8 |
|
| Red Hat | Red Hat Ceph Storage 9 |
cpe:/a:redhat:ceph_storage:9 |
|
| Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 |
cpe:/a:redhat:certifications:9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Developer Hub |
cpe:/a:redhat:rhdh:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat Lightspeed for Runtimes Operator |
cpe:/a:redhat:lightspeed_for_runtimes:1 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Cluster Manager CLI |
cpe:/a:redhat:openshift_cluster_manager_cli:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift for Windows Containers |
cpe:/a:redhat:windows_machine_config |
|
| Red Hat | Red Hat OpenShift on AWS |
cpe:/a:redhat:openshift_service_on_aws:1 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Red Hat Web Terminal |
cpe:/a:redhat:webterminal:1 |
|
| Red Hat | Security Profiles Operator |
cpe:/a:redhat:openshift_security_profiles_operator:1 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
|
| Red Hat | Zero Trust Workload Identity Manager |
cpe:/a:redhat:zero_trust_workload_identity_manager:1 |
|
| Red Hat | Zero Trust Workload Identity Manager - Tech Preview |
cpe:/a:redhat:zero_trust_workload_identity_manager:0 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
|
| Red Hat | Red Hat Service Interconnect 1 |
cpe:/a:redhat:service_interconnect:1 |
|
| Red Hat | Red Hat Service Interconnect 2 |
cpe:/a:redhat:service_interconnect:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-39821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-23T03:55:58.522682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "CWE-1289 Improper Validation of Unsafe Equivalence in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:13:15.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift:4.22::el8",
"cpe:/a:redhat:openshift:4.22::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.22",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "RHEM 1.0 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace:0.42::el9"
],
"defaultStatus": "affected",
"product": "DevWorkspace Operator 0.42",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI 3.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.29::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.29",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.19::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.22::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.22",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1"
],
"defaultStatus": "affected",
"product": "Compliance Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1"
],
"defaultStatus": "affected",
"product": "File Integrity Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "affected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multiarch_tuning_operator"
],
"defaultStatus": "affected",
"product": "Multiarch Tuning Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "affected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "affected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:6"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:8"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:9"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed for Runtimes Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-22T15:01:21.462Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "Improper Validation of Unsafe Equivalence in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T12:05:36.478Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"name": "RHBZ#2480756",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34789"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30855"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35827"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34357"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35830"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35831"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35828"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34359"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34364"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30651"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26547"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36207"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26546"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33531"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33524"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36648"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35994"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35993"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:37387"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36105"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36167"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30650"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36883"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34789: Red Hat OpenShift Container Platform 4.22"
},
{
"lang": "en",
"value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:30855: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35827: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35826: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:30853: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:35830: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:35831: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:30854: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:35828: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:35829: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:36808: DevWorkspace Operator 0.42"
},
{
"lang": "en",
"value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"lang": "en",
"value": "RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11"
},
{
"lang": "en",
"value": "RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:36651: Red Hat Edge Manager 1.0"
},
{
"lang": "en",
"value": "RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:23262: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:23264: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4"
},
{
"lang": "en",
"value": "RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29"
},
{
"lang": "en",
"value": "RHSA-2026:35994: Red Hat OpenShift GitOps 1.19"
},
{
"lang": "en",
"value": "RHSA-2026:35993: Red Hat OpenShift GitOps 1.20"
},
{
"lang": "en",
"value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3"
},
{
"lang": "en",
"value": "RHSA-2026:37387: Red Hat Openshift Data Foundation 4.22"
},
{
"lang": "en",
"value": "RHSA-2026:36797: Red Hat Trusted Artifact Signer 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:36105: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:36167: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:36883: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T16:00:52.844Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-22T15:01:21.462Z",
"value": "Made public."
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/idna",
"product": "golang.org/x/net/idna",
"programRoutines": [
{
"name": "Profile.process"
},
{
"name": "Profile.ToASCII"
},
{
"name": "Profile.ToUnicode"
},
{
"name": "ToASCII"
},
{
"name": "ToUnicode"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.55.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "KC1zs4 (https://github.com/KC1zs4)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1289: Improper Validation of Unsafe Equivalence in Input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T15:01:21.462Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/767220"
},
{
"url": "https://go.dev/issue/78760"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"title": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-39821",
"datePublished": "2026-05-22T15:01:21.462Z",
"dateReserved": "2026-04-07T18:13:03.526Z",
"dateUpdated": "2026-07-10T12:05:36.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-39821",
"date": "2026-07-10",
"epss": "0.00478",
"percentile": "0.37952"
},
"microsoft_vex": {
"current_release_date": "2026-06-19T14:40:22.000Z",
"cve": "CVE-2026-39821",
"id": "msrc_CVE-2026-39821",
"initial_release_date": "2026-05-02T00:00:00.000Z",
"product_status:fixed": "50",
"product_status:known_affected": "52",
"product_status:known_not_affected": "4",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-39821.json",
"version": "11"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-39821\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-05-22T16:16:20.410\",\"lastModified\":\"2026-07-10T12:16:44.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\\\"xn--example-.com\\\") incorrectly returns the name \\\"example.com\\\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \\\"example.com\\\" but permit \\\"xn--example-.com\\\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \\\"example.com\\\".\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"golang.org/x/net\",\"product\":\"golang.org/x/net/idna\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/net/idna\",\"programRoutines\":[{\"name\":\"Profile.process\"},{\"name\":\"Profile.ToASCII\"},{\"name\":\"Profile.ToUnicode\"},{\"name\":\"ToASCII\"},{\"name\":\"ToUnicode\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.55.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.22\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.22::el8\",\"cpe:/a:redhat:openshift:4.22::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"RHEM 1.0 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cluster Observability Operator 1.5.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cluster_observability_operator:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"DevWorkspace Operator 0.42\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace:0.42::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI 3.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.7.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.29\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.29::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.19::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.20\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4.22\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4.22::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Compliance Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_compliance_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Deployment Validation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:deployment_validator_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Fence Agents Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_far:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"File Integrity Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Machine Deletion Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_mdr:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multiarch Tuning Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multiarch_tuning_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Lightspeed for Runtimes Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_for_runtimes:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 1\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:2\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.8}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-23T03:55:58.522682Z\",\"id\":\"CVE-2026-39821\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1289\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1289\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:net:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.55.0\",\"matchCriteriaId\":\"38C86E7B-A1CA-4670-B113-FC9585261F6F\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/767220\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://go.dev/issue/78760\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-5026\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23262\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23264\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26546\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26547\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30650\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30651\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30853\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30855\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33155\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33160\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33163\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33173\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33183\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33524\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33531\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34342\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34357\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34359\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34364\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34789\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35826\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35827\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35828\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35829\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35830\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35831\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35993\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35994\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36105\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36167\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36207\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36648\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36651\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36796\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36797\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36808\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36820\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36883\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:37387\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-39821\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2480756\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-10T16:47:01+00:00",
"cve": "CVE-2026-39821",
"id": "CVE-2026-39821",
"initial_release_date": "2026-05-22T15:01:21.462000+00:00",
"product_status:fixed": "526",
"product_status:known_affected": "276",
"product_status:known_not_affected": "1001",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:openshift:4.22::el8\", \"cpe:/a:redhat:openshift:4.22::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.22\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cluster_observability_operator:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cluster Observability Operator 1.5.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI 3.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_builds:1.7::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Builds 1.7.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1.19::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps 1.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1.20::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps 1.20\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:assisted_installer:2\"], \"vendor\": \"Red Hat\", \"product\": \"Assisted Installer for Red Hat OpenShift Container Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Compliance Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:deployment_validator_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Deployment Validation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_far:0\"], \"vendor\": \"Red Hat\", \"product\": \"Fence Agents Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"File Integrity Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lvms:4\"], \"vendor\": \"Red Hat\", \"product\": \"Logical Volume Manager Storage\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_mdr:0\"], \"vendor\": \"Red Hat\", \"product\": \"Machine Deletion Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multiarch_tuning_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Multiarch Tuning Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nhc:0\"], \"vendor\": \"Red Hat\", \"product\": \"Node HealthCheck Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_lightspeed\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_power_monitoring\"], \"vendor\": \"Red Hat\", \"product\": \"Power monitoring for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:5\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification Program for Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:connectivity_link:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Connectivity Link 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lightspeed_for_runtimes:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Lightspeed for Runtimes Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Cluster Manager CLI\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:devworkspace\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Workspaces Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:windows_machine_config\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift for Windows Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_service_on_aws:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift on AWS\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_security_profiles_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Security Profiles Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 1\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 2\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-22T16:00:52.844Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-22T15:01:21.462Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:34789: Red Hat OpenShift Container Platform 4.22\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30855: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35827: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35826: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30853: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35830: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35831: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30854: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35828: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35829: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34342: Cluster Observability Operator 1.5.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23262: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23264: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35994: Red Hat OpenShift GitOps 1.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35993: Red Hat OpenShift GitOps 1.20\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36105: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36167: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30650: multicluster engine for Kubernetes 2.8\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-22T15:01:21.462Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-39821\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2480756\", \"name\": \"RHBZ#2480756\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34789\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30855\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35827\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35826\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34357\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30853\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35830\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35831\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30854\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35828\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35829\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34359\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34342\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34364\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30651\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26547\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36207\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26546\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33531\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33524\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23262\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23264\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36648\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35994\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35993\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33155\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33160\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33163\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33173\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33183\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36105\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36167\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30650\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1289\", \"description\": \"Improper Validation of Unsafe Equivalence in Input\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-08T12:05:44.075Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-39821\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-23T03:55:58.522682Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1289\", \"description\": \"CWE-1289 Improper Validation of Unsafe Equivalence in Input\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-22T18:01:10.401Z\"}}], \"cna\": {\"title\": \"Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna\", \"credits\": [{\"lang\": \"en\", \"value\": \"KC1zs4 (https://github.com/KC1zs4)\"}], \"affected\": [{\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/idna\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.55.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/idna\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Profile.process\"}, {\"name\": \"Profile.ToASCII\"}, {\"name\": \"Profile.ToUnicode\"}, {\"name\": \"ToASCII\"}, {\"name\": \"ToUnicode\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/767220\"}, {\"url\": \"https://go.dev/issue/78760\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-5026\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\\\"xn--example-.com\\\") incorrectly returns the name \\\"example.com\\\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \\\"example.com\\\" but permit \\\"xn--example-.com\\\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \\\"example.com\\\".\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-1289: Improper Validation of Unsafe Equivalence in Input\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-05-22T15:01:21.462Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-39821\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-08T12:05:44.075Z\", \"dateReserved\": \"2026-04-07T18:13:03.526Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-05-22T15:01:21.462Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:11050-1
Vulnerability from csaf_opensuse - Published: 2026-06-17 00:00 - Updated: 2026-06-17 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "warewulf4-4.7.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the warewulf4-4.7.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11050",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11050-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
}
],
"title": "warewulf4-4.7.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-17T00:00:00Z",
"generator": {
"date": "2026-06-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11050-1",
"initial_release_date": "2026-06-17T00:00:00Z",
"revision_history": [
{
"date": "2026-06-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "warewulf4-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-4.7.0-1.1.aarch64",
"product_id": "warewulf4-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-dracut-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-dracut-4.7.0-1.1.aarch64",
"product_id": "warewulf4-dracut-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-man-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-man-4.7.0-1.1.aarch64",
"product_id": "warewulf4-man-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-overlay-4.7.0-1.1.aarch64",
"product_id": "warewulf4-overlay-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"product_id": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-reference-doc-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-reference-doc-4.7.0-1.1.aarch64",
"product_id": "warewulf4-reference-doc-4.7.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "warewulf4-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-dracut-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-dracut-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-dracut-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-man-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-man-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-man-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-overlay-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-overlay-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-reference-doc-4.7.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "warewulf4-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-4.7.0-1.1.s390x",
"product_id": "warewulf4-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-dracut-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-dracut-4.7.0-1.1.s390x",
"product_id": "warewulf4-dracut-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-man-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-man-4.7.0-1.1.s390x",
"product_id": "warewulf4-man-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-overlay-4.7.0-1.1.s390x",
"product_id": "warewulf4-overlay-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"product_id": "warewulf4-overlay-rke2-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-reference-doc-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-reference-doc-4.7.0-1.1.s390x",
"product_id": "warewulf4-reference-doc-4.7.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "warewulf4-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-4.7.0-1.1.x86_64",
"product_id": "warewulf4-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-dracut-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-dracut-4.7.0-1.1.x86_64",
"product_id": "warewulf4-dracut-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-man-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-man-4.7.0-1.1.x86_64",
"product_id": "warewulf4-man-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-overlay-4.7.0-1.1.x86_64",
"product_id": "warewulf4-overlay-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"product_id": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-reference-doc-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-reference-doc-4.7.0-1.1.x86_64",
"product_id": "warewulf4-reference-doc-4.7.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-dracut-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-dracut-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-dracut-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-dracut-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-dracut-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-dracut-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-dracut-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-dracut-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-man-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-man-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-man-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-man-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-man-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-man-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-man-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-man-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-overlay-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-overlay-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-overlay-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-overlay-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-reference-doc-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-reference-doc-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-reference-doc-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-reference-doc-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-reference-doc-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-reference-doc-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-reference-doc-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
}
]
}
OPENSUSE-SU-2026:11075-1
Vulnerability from csaf_opensuse - Published: 2026-06-22 00:00 - Updated: 2026-06-22 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-stable-24.0.9_ce-18.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-stable-24.0.9_ce-18.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11075",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11075-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33747 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33748 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33997 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34040 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41567 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41567/"
}
],
"title": "docker-stable-24.0.9_ce-18.1 on GA media",
"tracking": {
"current_release_date": "2026-06-22T00:00:00Z",
"generator": {
"date": "2026-06-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11075-1",
"initial_release_date": "2026-06-22T00:00:00Z",
"revision_history": [
{
"date": "2026-06-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33747"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33747",
"url": "https://www.suse.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "SUSE Bug 1260954 for CVE-2026-33747",
"url": "https://bugzilla.suse.com/1260954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33747"
},
{
"cve": "CVE-2026-33748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33748"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33748",
"url": "https://www.suse.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "SUSE Bug 1261046 for CVE-2026-33748",
"url": "https://bugzilla.suse.com/1261046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33748"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-33997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33997"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon\u0027s privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33997",
"url": "https://www.suse.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "SUSE Bug 1265907 for CVE-2026-33997",
"url": "https://bugzilla.suse.com/1265907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33997"
},
{
"cve": "CVE-2026-34040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34040"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34040",
"url": "https://www.suse.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "SUSE Bug 1261378 for CVE-2026-34040",
"url": "https://bugzilla.suse.com/1261378"
},
{
"category": "external",
"summary": "SUSE Bug 1265929 for CVE-2026-34040",
"url": "https://bugzilla.suse.com/1265929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34040"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-41567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41567"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41567",
"url": "https://www.suse.com/security/cve/CVE-2026-41567"
},
{
"category": "external",
"summary": "SUSE Bug 1267827 for CVE-2026-41567",
"url": "https://bugzilla.suse.com/1267827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-41567"
}
]
}
OPENSUSE-SU-2026:11126-1
Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git185.a5708584-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11126",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11126-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24358 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6545 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6547 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-7783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-7783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25128 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2739 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27904 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33036 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33487 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42039 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media",
"tracking": {
"current_release_date": "2026-06-25T00:00:00Z",
"generator": {
"date": "2026-06-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11126-1",
"initial_release_date": "2026-06-25T00:00:00Z",
"revision_history": [
{
"date": "2026-06-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-13465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13465"
}
],
"notes": [
{
"category": "general",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13465",
"url": "https://www.suse.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "SUSE Bug 1257321 for CVE-2025-13465",
"url": "https://bugzilla.suse.com/1257321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
},
{
"category": "external",
"summary": "SUSE Bug 1265255 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265255"
},
{
"category": "external",
"summary": "SUSE Bug 1265256 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265256"
},
{
"category": "external",
"summary": "SUSE Bug 1265259 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-24358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24358"
}
],
"notes": [
{
"category": "general",
"text": "gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications \u0026 services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for \"server\" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24358",
"url": "https://www.suse.com/security/cve/CVE-2025-24358"
},
{
"category": "external",
"summary": "SUSE Bug 1241233 for CVE-2025-24358",
"url": "https://bugzilla.suse.com/1241233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-24358"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58058"
}
],
"notes": [
{
"category": "general",
"text": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58058",
"url": "https://www.suse.com/security/cve/CVE-2025-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1248889 for CVE-2025-58058",
"url": "https://bugzilla.suse.com/1248889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58058"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2025-5889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5889"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5889",
"url": "https://www.suse.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "SUSE Bug 1244340 for CVE-2025-5889",
"url": "https://bugzilla.suse.com/1244340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-64718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64718"
}
],
"notes": [
{
"category": "general",
"text": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64718",
"url": "https://www.suse.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "SUSE Bug 1255407 for CVE-2025-64718",
"url": "https://bugzilla.suse.com/1255407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-6545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6545"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.\n\nThis issue affects pbkdf2: from 3.0.10 through 3.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6545",
"url": "https://www.suse.com/security/cve/CVE-2025-6545"
},
{
"category": "external",
"summary": "SUSE Bug 1245273 for CVE-2025-6545",
"url": "https://bugzilla.suse.com/1245273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6545"
},
{
"cve": "CVE-2025-6547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6547"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: \u003c=3.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6547",
"url": "https://www.suse.com/security/cve/CVE-2025-6547"
},
{
"category": "external",
"summary": "SUSE Bug 1245271 for CVE-2025-6547",
"url": "https://bugzilla.suse.com/1245271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6547"
},
{
"cve": "CVE-2025-7783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-7783"
}
],
"notes": [
{
"category": "general",
"text": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-7783",
"url": "https://www.suse.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "SUSE Bug 1246810 for CVE-2025-7783",
"url": "https://bugzilla.suse.com/1246810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-25128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25128"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code points (e.g., `\u0026#9999999;` or `\u0026#xFFFFFF;`). This causes the parser to throw an uncaught exception, crashing any application that processes untrusted XML input. Version 5.3.4 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25128",
"url": "https://www.suse.com/security/cve/CVE-2026-25128"
},
{
"category": "external",
"summary": "SUSE Bug 1257518 for CVE-2026-25128",
"url": "https://bugzilla.suse.com/1257518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25128"
},
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-26278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26278"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it\u0027s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26278",
"url": "https://www.suse.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "SUSE Bug 1258547 for CVE-2026-26278",
"url": "https://bugzilla.suse.com/1258547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26278"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-2739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2739"
}
],
"notes": [
{
"category": "general",
"text": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2739",
"url": "https://www.suse.com/security/cve/CVE-2026-2739"
},
{
"category": "external",
"summary": "SUSE Bug 1258647 for CVE-2026-2739",
"url": "https://bugzilla.suse.com/1258647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-2739"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
},
{
"cve": "CVE-2026-27904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27904"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27904",
"url": "https://www.suse.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "SUSE Bug 1258994 for CVE-2026-27904",
"url": "https://bugzilla.suse.com/1258994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27904"
},
{
"cve": "CVE-2026-33036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33036"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (\u0026#NNN;, \u0026#xHH;) and standard XML entities completely evade the entity expansion limits (e.g., maxTotalExpansions, maxExpandedLength) added to fix CVE-2026-26278, enabling XML entity expansion Denial of Service. The root cause is that replaceEntitiesValue() in OrderedObjParser.js only enforces expansion counting on DOCTYPE-defined entities while the lastEntities loop handling numeric/standard entities performs no counting at all. An attacker supplying 1M numeric entity references like \u0026#65; can force ~147MB of memory allocation and heavy CPU usage, potentially crashing the process-even when developers have configured strict limits. This issue has been fixed in version 5.5.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33036",
"url": "https://www.suse.com/security/cve/CVE-2026-33036"
},
{
"category": "external",
"summary": "SUSE Bug 1259974 for CVE-2026-33036",
"url": "https://bugzilla.suse.com/1259974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33036"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33487"
}
],
"notes": [
{
"category": "general",
"text": "goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33487",
"url": "https://www.suse.com/security/cve/CVE-2026-33487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33487"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42039"
}
],
"notes": [
{
"category": "general",
"text": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42039",
"url": "https://www.suse.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "SUSE Bug 1267406 for CVE-2026-42039",
"url": "https://bugzilla.suse.com/1267406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42039"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:20853-1
Vulnerability from csaf_opensuse - Published: 2026-06-01 15:52 - Updated: 2026-06-01 15:52| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for hauler",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for hauler fixes the following issues:\n\nChanges in hauler:\n\n- update x/net to v0.55.0 (bsc#1266602, CVE-2026-39821)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-283",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20853-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1266602",
"url": "https://bugzilla.suse.com/1266602"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
}
],
"title": "Security update for hauler",
"tracking": {
"current_release_date": "2026-06-01T15:52:42Z",
"generator": {
"date": "2026-06-01T15:52:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20853-1",
"initial_release_date": "2026-06-01T15:52:42Z",
"revision_history": [
{
"date": "2026-06-01T15:52:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "hauler-1.4.3-bp160.3.1.aarch64",
"product": {
"name": "hauler-1.4.3-bp160.3.1.aarch64",
"product_id": "hauler-1.4.3-bp160.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "hauler-1.4.3-bp160.3.1.x86_64",
"product": {
"name": "hauler-1.4.3-bp160.3.1.x86_64",
"product_id": "hauler-1.4.3-bp160.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hauler-1.4.3-bp160.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.aarch64"
},
"product_reference": "hauler-1.4.3-bp160.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hauler-1.4.3-bp160.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.x86_64"
},
"product_reference": "hauler-1.4.3-bp160.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T15:52:42Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
}
]
}
OPENSUSE-SU-2026:20854-1
Vulnerability from csaf_opensuse - Published: 2026-06-01 15:50 - Updated: 2026-06-01 15:50| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rqlite",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rqlite fixes the following issues:\n\nChanges in rqlite:\n\n- Update to version 10.2.0:\n * Support verifying mTLS peer Common Name\n * Console supports restore from SQLite data\n * Console \"count rows\" respects current Tables Expand/Collapse state\n * Console supports dropping indexes\n * Further Console app improvements\n\n- update go-net depdendency to address IDN Punycode validation\n bypass CVE-2026-39821 boo#1266544\n\n- Update to version 10.1.0:\n * Add Schema management page to Console app\n * Display node TLS state in console\u0027s Cluster panel\n\n- includes changes from 10.0.6:\n * Limit number of redirects followed on cluster-join\n * fix HTTP auth reporting\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-284",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20854-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1265706",
"url": "https://bugzilla.suse.com/1265706"
},
{
"category": "self",
"summary": "SUSE Bug 1266544",
"url": "https://bugzilla.suse.com/1266544"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
}
],
"title": "Security update for rqlite",
"tracking": {
"current_release_date": "2026-06-01T15:50:58Z",
"generator": {
"date": "2026-06-01T15:50:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20854-1",
"initial_release_date": "2026-06-01T15:50:58Z",
"revision_history": [
{
"date": "2026-06-01T15:50:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rqlite-10.2.0-bp160.1.1.aarch64",
"product": {
"name": "rqlite-10.2.0-bp160.1.1.aarch64",
"product_id": "rqlite-10.2.0-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rqlite-10.2.0-bp160.1.1.ppc64le",
"product": {
"name": "rqlite-10.2.0-bp160.1.1.ppc64le",
"product_id": "rqlite-10.2.0-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rqlite-10.2.0-bp160.1.1.s390x",
"product": {
"name": "rqlite-10.2.0-bp160.1.1.s390x",
"product_id": "rqlite-10.2.0-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rqlite-10.2.0-bp160.1.1.x86_64",
"product": {
"name": "rqlite-10.2.0-bp160.1.1.x86_64",
"product_id": "rqlite-10.2.0-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rqlite-10.2.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64"
},
"product_reference": "rqlite-10.2.0-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rqlite-10.2.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le"
},
"product_reference": "rqlite-10.2.0-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rqlite-10.2.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x"
},
"product_reference": "rqlite-10.2.0-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rqlite-10.2.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
},
"product_reference": "rqlite-10.2.0-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T15:50:58Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T15:50:58Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
}
]
}
OPENSUSE-SU-2026:21210-1
Vulnerability from csaf_opensuse - Published: 2026-07-02 09:47 - Updated: 2026-07-02 09:47| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-osconfig-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-osconfig-agent fixes the following issues\n\n- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers.\n- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents\n (bsc#1251453).\n- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251704).\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260264).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265762).\n- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of\n service (bsc#1262926).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266603).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266171).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266171).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).\n- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during\n smart-HTTP clone and fetch operations (bsc#1264923).\n\nChanges for google-osconfig-agent:\n\n- Update to version 20260615.01\n * Upgrade golang.org/x/crypto \u0026 golang.org/x/net (#1006)\n- from version 20260615.00\n * Add unit tests for ospatch_apt_upgrade.go (#938)\n- Update to version 20260611.00\n * Add unit tests for policies/policies.go PART 5 (#998)\n- from version 20260610.00\n * Add unit tests for policies/policies.go PART 4 (#997)\n- from version 20260609.02\n * squash commits (#936)\n- from version 20260609.01\n * Add unit tests for policies/policies.go PART 3 (#996)\n- from version 20260609.00\n * Add unit tests for policies/policies.go PART 2 (#991)\n- from version 20260602.01\n * Align format of dates and timestamp collected across Windows packages (#973)\n- from version 20260602.00\n * Add unit tests for config/config,go (#979)\n- from version 20260528.00\n * Bump github.com/containerd/containerd (#990)\n- from version 20260521.00\n * Cover agentconfig functionality by unit tests (#925)\n- from version 20260520.04\n * Add unit tests for policies/googet.go (#961)\n * Bump github.com/go-git/go-git/v5 (#987)\n- from version 20260520.02\n * Add unit tests for policies/yum.go (#952)\n * Add unit tests for policies/apt.go PART 3 (#951)\n- from version 20260520.00\n * Add unit tests for policies/zypper.go (#953)\n- from version 20260519.00\n * Add unit tests for policies/policies.go PART 1 (#949)\n- from version 20260513.01\n * Bump github.com/go-git/go-git/v5 (#981), this also updates\n golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)\n- from version 20260513.00\n * upgrade a few packages (#980)\n- from version 20260512.02\n * Add/improve unit tests for agentendpoint/exec_task.go (#933)\n- from version 20260512.01\n * Cover google_update.go by unit tests (#941)\n- from version 20260512.00\n * Change zone for arm64 builds because of stockout (#978)\n- Update to version 20260511.00\n * switch to t2a-standard-2 on ARM package build (#977)\n- from version 20260505.03\n * Cover zypper_patch by unit tests (#958)\n- from version 20260505.02\n * Remove unused functions DisableAutoUpdates (#970)\n- from version 20260505.01\n * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)\n- from version 20260505.00\n * Upgrade a few dependencies across the repo (#968)\n + github.com/go-git/go-git/v5 5.16.2-\u003e5.18.0 (bsc#1264923, CVE-2026-41506)\n + github.com/go-jose/go-jose/v4 4.1.3-\u003e4.1.4 (bsc#1262926, CVE-2026-34986)\n + github.com/go-viper/mapstructure/v2 2.3.0-\u003e2.4.0\n + go.opentelemetry.io/otel 1.40.0-\u003e1.41.0\n + go.opentelemetry.io/otel/sdk 1.39.0-\u003e1.43.0\n- from version 20260504.01\n * bump github.com/docker/cli to 29.2.0 (#962)\n- from version 20260504.00\n * Bump github.com/opencontainers/selinux (#960)\n- Update to version 20260428.00\n * Add/improve unit tests for agentendpoint/agentendpoint.go (#930)\n- from version 20260427.03\n * Cover config/file.go by unit tests (#935)\n- from version 20260422.01\n * Cover patch_linux.go by unit tests (#932)\n- from version 20260422.00\n * upgrade grpc package in main package and e2e tests (#959)\n (bsc#1260264, CVE-2026-33186)\n- from version 20260417.04\n * Bump OSV-Scalibr version to v0.4.3 (#956)\n- from version 20260417.03\n * Add unit tests for updates_linux.go (#937)\n- from version 20260417.02\n * Add zone to CreateDisk step (#955)\n- from version 20260417.01\n * Change disk type for deb11 (#954)\n- from version 20260417.00\n * Add unit tests for policies/apt.go PART 1 (#950)\n- from version 20260410.02\n * Add unit tests for packages/pty_linux.go (#943)\n- from version 20260410.01\n * fix disk type for arm workflows (#948)\n- from version 20260410.00\n * Change machine type for arm based workflows (#946)\n- Update to version 20260330.00\n * bump timeouts for all workflows (#940)\n- from version 20260326.00\n * Cover exec_resource.go by unit tests (#934)\n- from version 20260318.00\n * Integrate OSConfig agent with ReportVmInventory (#923)\n- from version 20260313.02\n * remove cacheonly flag from yum upgrade (#924)\n- from version 20260313.01\n * conditions python version override (#927)\n- from version 20260313.00\n * Fix presubmits by explicitly set python version for rpm based systems (#926)\n- from version 20260311.00\n * Bump osconfig version (#922)\n- from version 20260309.02\n * Extend OSV scalibr extractor (#921)\n- from version 20260309.01\n * upgrade golang.org/x/crypto and it\u0027s transitive deps (#918)\n- from version 20260309.00\n * Add purl to pkg info (#920)\n- from version 20260306.00\n * Add \u0027Type\u0027 field to PkgInfo (#919)\n- from version 20260303.01\n * Upgrade go.opentelemetry.io/otel/sdk (#913)\n- from version 20260303.00\n * Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)\n- from version 20260302.00\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)\n- from version 20260126.00\n * Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)\n * Bump github.com/sirupsen/logrus (#894)\n- Update to version 20260119.00\n * Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)\n- Update to version 20251230.00\n * chore: Migrate gsutil usage to gcloud storage (#904)\n- from version 20251223.00\n * fix e2e tests for report inventory (#903)\n- from version 20251222.01\n * Revert \"Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\" (#902)\n- from version 20251222.00\n * Bump golang to the new version (#900)\n- from version 20251218.00\n * add new CODEOWNERS (#901)\n- from version 20251217.00\n * Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\n- Bump the golang compiler version to 1.24.5\n- Update to version 20251202.00\n * Revert \"Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\" (#893)\n- Update to version 20251201.00\n * Revert \"Bump github.com/containerd/containerd (#890)\" (#892)\n- Update to version 20251126.00\n * Bump github.com/containerd/containerd (#890)\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\n- Update to version 20251028.00\n * Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)\n * Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)\n- from version 20251023.02\n * Create multiple_os.yaml (#883)\n- from version 20251023.00\n * Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)\n * Add test runner for e2e tests (#876)\n- Update to version 20250925.00\n * Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)\n * Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)\n * Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)\n * Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)\n- Update to version 20250902.01\n * Bump github.com/googleapis/enterprise-certificate-proxy (#829)\n- from version 20250902.00\n * update github.com/go-jose/go-jose/v4 (#869)\n * Upgrade scalibr and other deps (#866)\n- from version 20250901.00\n * Fix possibility of path traversal for zip and tar archival (#868)\n- from version 20250825.00\n * set CODEOWNERS file as required by org (#863)\n- from version 20250819.00\n * Fix/rhel10 build centos image (#860)\n- from version 20250814.00\n * Fix/rhel10 build image (#859)\n- from version 20250813.00\n * Fix: Add RHEL 10 support to RPM startup script (#858)\n- from version 20250811.00\n * Remove old/sles-15-sp4-sap as image is deprecated (#857)\n- Update to version 20250806.00\n * Fixed JSON identifier for the universe domain (#855)\n- from version 20250729.00\n * Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)\n- from version 20250725.02\n * Update utils.go (#854)\n * Upgrade golang.org/x/oauth2 package to the latest. (#853)\n * Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)\n- from version 20250725.01\n * Bump golang.org/x/oauth2 (#848)\n * Port fix for debian 11 to goo package manager. (#852)\n- from version 20250725.00\n * Update Golang version in common.sh and skip backports\n repo for debian 11 (#850)\n- from version 20250723.01\n * Add workflows to build package for el10 (#849)\n- from version 20250721.00\n * Make OS Config agent TPC aware (#846)\n- from version 20250718.00\n * Create workflows for new Debian 13. (#847)\n- Update to version 20250703.00\n * Fix sles images (#844)\n- from version 20250702.00\n * Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)\n- from version 20250701.00\n * Bump the go_modules group across 1 directory with 2 updates (#840)\n- Update to version 20250606.00\n * Change base docker images Google\u0027s official base images. (#838)\n- Update to version 20250523.01\n * Add a simple no-op OS policy for user testing (#837)\n- from version 20250523.00\n * Introduce scalibr inventory extractor for dpkg/rpm/cos\n os/filesystem extractors (linux) (#834)\n * Trace GetInstalledPackages memory levels (#835)\n- from version 20250520.00\n- Update to version 20250513.00\n * Fix rpm extractor, handle (none) value correctly. (#833)\n- from version 20250512.01\n * Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)\n- from version 20250512.00\n * Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)\n- from version 20250508.01\n * cosmetic refactoring to osinfo package (#826)\n- from version 20250508.00\n * Refactor /inventory with dependency injection (#825)\n * Add debian, ubuntu (InstalledDebPackages) snapshots (#821)\n * cover packages_linux.go file with tests (#824)\n * Add debian (10,11,12) GetPackageUpdates output snapshots (#822)\n- from version 20250507.00\n * Add InstalledRPMPackages snapshot tests (#823)\n- from version 20250506.02\n * Yum tests: simplify initialization of exit errors (#820)\n- from version 20250506.01\n * Improve test coverage for gem package manager (#818)\n- from version 20250506.00\n * after go/x/crypto update 0.32.0 -\u003e 0.37.0 (#817)\n- from version 20250505.01\n * Improve packages package coverage (#814)\n * Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)\n- from version 20250505.00\n * Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)\n- from version 20250430.00\n * Snapshot YumUpdates (GetPackageUpdates) output (#813)\n- from version 20250428.00\n * Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output\n for sles 12, 15 testdata (#812)\n- from version 20250423.00\n * Introduce MatchSnapshot large test results matcher function, snapshot\n apt-deb GetPackageUpdates (#811)\n- from version 20250416.02\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-1136",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21210-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1210938",
"url": "https://bugzilla.suse.com/1210938"
},
{
"category": "self",
"summary": "SUSE Bug 1251453",
"url": "https://bugzilla.suse.com/1251453"
},
{
"category": "self",
"summary": "SUSE Bug 1251704",
"url": "https://bugzilla.suse.com/1251704"
},
{
"category": "self",
"summary": "SUSE Bug 1260264",
"url": "https://bugzilla.suse.com/1260264"
},
{
"category": "self",
"summary": "SUSE Bug 1262926",
"url": "https://bugzilla.suse.com/1262926"
},
{
"category": "self",
"summary": "SUSE Bug 1264923",
"url": "https://bugzilla.suse.com/1264923"
},
{
"category": "self",
"summary": "SUSE Bug 1265762",
"url": "https://bugzilla.suse.com/1265762"
},
{
"category": "self",
"summary": "SUSE Bug 1266171",
"url": "https://bugzilla.suse.com/1266171"
},
{
"category": "self",
"summary": "SUSE Bug 1266603",
"url": "https://bugzilla.suse.com/1266603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for google-osconfig-agent",
"tracking": {
"current_release_date": "2026-07-02T09:47:31Z",
"generator": {
"date": "2026-07-02T09:47:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:21210-1",
"initial_release_date": "2026-07-02T09:47:31Z",
"revision_history": [
{
"date": "2026-07-02T09:47:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"product": {
"name": "google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"product_id": "google-osconfig-agent-20260615.01-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"product": {
"name": "google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"product_id": "google-osconfig-agent-20260615.01-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-160000.1.1.x86_64",
"product": {
"name": "google-osconfig-agent-20260615.01-160000.1.1.x86_64",
"product_id": "google-osconfig-agent-20260615.01-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64"
},
"product_reference": "google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le"
},
"product_reference": "google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
},
"product_reference": "google-osconfig-agent-20260615.01-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.aarch64",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.ppc64le",
"openSUSE Leap 16.0:google-osconfig-agent-20260615.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:21213-1
Vulnerability from csaf_opensuse - Published: 2026-07-02 09:47 - Updated: 2026-07-02 09:47| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd fixes the following issues\n\nUpdate to 1.7.33:\n\n- CVE-2024-25621: overly broad default permission vulnerability (bsc#1253126).\n- CVE-2025-64329: goroutine leaks can lead to memory exhaustion on the host (bsc#1253132).\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260296).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265794).\n- CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing\n encrypted key can lead to a denial of service (bsc#1262948).\n- CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service\n (bsc#1262266).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266640).\n- CVE-2026-46680: containerd user ID handling bypass allows runAsNonRoot evasion (bsc#1268355).\n- CVE-2026-47262: Denial of Service (DoS) condition via a maliciously crafted image (bsc#1268441).\n- CVE-2026-53488: CRI plugin propagates labels from an image config to a container without validation (bsc#1268430).\n\nChanges for containerd:\n\n * https://github.com/containerd/containerd/releases/tag/v1.7.33\n * https://github.com/containerd/containerd/releases/tag/v1.7.32\n * https://github.com/containerd/containerd/releases/tag/v1.7.31\n * https://github.com/containerd/containerd/releases/tag/v1.7.30\n * https://github.com/containerd/containerd/releases/tag/v1.7.29\n * https://github.com/containerd/containerd/releases/tag/v1.7.28\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-1139",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21213-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1253126",
"url": "https://bugzilla.suse.com/1253126"
},
{
"category": "self",
"summary": "SUSE Bug 1253132",
"url": "https://bugzilla.suse.com/1253132"
},
{
"category": "self",
"summary": "SUSE Bug 1260296",
"url": "https://bugzilla.suse.com/1260296"
},
{
"category": "self",
"summary": "SUSE Bug 1262266",
"url": "https://bugzilla.suse.com/1262266"
},
{
"category": "self",
"summary": "SUSE Bug 1262948",
"url": "https://bugzilla.suse.com/1262948"
},
{
"category": "self",
"summary": "SUSE Bug 1265794",
"url": "https://bugzilla.suse.com/1265794"
},
{
"category": "self",
"summary": "SUSE Bug 1266640",
"url": "https://bugzilla.suse.com/1266640"
},
{
"category": "self",
"summary": "SUSE Bug 1268355",
"url": "https://bugzilla.suse.com/1268355"
},
{
"category": "self",
"summary": "SUSE Bug 1268430",
"url": "https://bugzilla.suse.com/1268430"
},
{
"category": "self",
"summary": "SUSE Bug 1268441",
"url": "https://bugzilla.suse.com/1268441"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25621 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64329 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-35469 page",
"url": "https://www.suse.com/security/cve/CVE-2026-35469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-47262 page",
"url": "https://www.suse.com/security/cve/CVE-2026-47262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53488 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53488/"
}
],
"title": "Security update for containerd",
"tracking": {
"current_release_date": "2026-07-02T09:47:31Z",
"generator": {
"date": "2026-07-02T09:47:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:21213-1",
"initial_release_date": "2026-07-02T09:47:31Z",
"revision_history": [
{
"date": "2026-07-02T09:47:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.33-160000.1.1.aarch64",
"product": {
"name": "containerd-1.7.33-160000.1.1.aarch64",
"product_id": "containerd-1.7.33-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.7.33-160000.1.1.aarch64",
"product": {
"name": "containerd-ctr-1.7.33-160000.1.1.aarch64",
"product_id": "containerd-ctr-1.7.33-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-devel-1.7.33-160000.1.1.noarch",
"product": {
"name": "containerd-devel-1.7.33-160000.1.1.noarch",
"product_id": "containerd-devel-1.7.33-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.33-160000.1.1.ppc64le",
"product": {
"name": "containerd-1.7.33-160000.1.1.ppc64le",
"product_id": "containerd-1.7.33-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.7.33-160000.1.1.ppc64le",
"product": {
"name": "containerd-ctr-1.7.33-160000.1.1.ppc64le",
"product_id": "containerd-ctr-1.7.33-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.33-160000.1.1.s390x",
"product": {
"name": "containerd-1.7.33-160000.1.1.s390x",
"product_id": "containerd-1.7.33-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.7.33-160000.1.1.s390x",
"product": {
"name": "containerd-ctr-1.7.33-160000.1.1.s390x",
"product_id": "containerd-ctr-1.7.33-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.33-160000.1.1.x86_64",
"product": {
"name": "containerd-1.7.33-160000.1.1.x86_64",
"product_id": "containerd-1.7.33-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.7.33-160000.1.1.x86_64",
"product": {
"name": "containerd-ctr-1.7.33-160000.1.1.x86_64",
"product_id": "containerd-ctr-1.7.33-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.33-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64"
},
"product_reference": "containerd-1.7.33-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.33-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le"
},
"product_reference": "containerd-1.7.33-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.33-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x"
},
"product_reference": "containerd-1.7.33-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.33-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64"
},
"product_reference": "containerd-1.7.33-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.7.33-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64"
},
"product_reference": "containerd-ctr-1.7.33-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.7.33-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le"
},
"product_reference": "containerd-ctr-1.7.33-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.7.33-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x"
},
"product_reference": "containerd-ctr-1.7.33-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.7.33-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64"
},
"product_reference": "containerd-ctr-1.7.33-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-devel-1.7.33-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
},
"product_reference": "containerd-devel-1.7.33-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25621"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25621",
"url": "https://www.suse.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "SUSE Bug 1253126 for CVE-2024-25621",
"url": "https://bugzilla.suse.com/1253126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2024-25621"
},
{
"cve": "CVE-2025-64329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64329"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64329",
"url": "https://www.suse.com/security/cve/CVE-2025-64329"
},
{
"category": "external",
"summary": "SUSE Bug 1253132 for CVE-2025-64329",
"url": "https://bugzilla.suse.com/1253132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2025-64329"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-35469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-35469"
}
],
"notes": [
{
"category": "general",
"text": "spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes - all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-35469",
"url": "https://www.suse.com/security/cve/CVE-2026-35469"
},
{
"category": "external",
"summary": "SUSE Bug 1262264 for CVE-2026-35469",
"url": "https://bugzilla.suse.com/1262264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2026-35469"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-46680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46680"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue has been fixed in versions 1.7.32, 2.0.9, 2.2.4 and 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46680",
"url": "https://www.suse.com/security/cve/CVE-2026-46680"
},
{
"category": "external",
"summary": "SUSE Bug 1268355 for CVE-2026-46680",
"url": "https://bugzilla.suse.com/1268355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-46680"
},
{
"cve": "CVE-2026-47262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-47262"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-47262",
"url": "https://www.suse.com/security/cve/CVE-2026-47262"
},
{
"category": "external",
"summary": "SUSE Bug 1268405 for CVE-2026-47262",
"url": "https://bugzilla.suse.com/1268405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2026-47262"
},
{
"cve": "CVE-2026-53488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53488"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53488",
"url": "https://www.suse.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "SUSE Bug 1268400 for CVE-2026-53488",
"url": "https://bugzilla.suse.com/1268400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.aarch64",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.ppc64le",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.s390x",
"openSUSE Leap 16.0:containerd-ctr-1.7.33-160000.1.1.x86_64",
"openSUSE Leap 16.0:containerd-devel-1.7.33-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T09:47:31Z",
"details": "important"
}
],
"title": "CVE-2026-53488"
}
]
}
OPENSUSE-SU-2026:21247-1
Vulnerability from csaf_opensuse - Published: 2026-07-07 12:35 - Updated: 2026-07-07 12:35| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-compose",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-compose fixes the following issues\n\n- CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute\n values in cache-to/cache-from configuration (bsc#1239766).\n- CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh\n (bsc#1239340).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265782).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-1168",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21247-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1239340",
"url": "https://bugzilla.suse.com/1239340"
},
{
"category": "self",
"summary": "SUSE Bug 1239766",
"url": "https://bugzilla.suse.com/1239766"
},
{
"category": "self",
"summary": "SUSE Bug 1265782",
"url": "https://bugzilla.suse.com/1265782"
},
{
"category": "self",
"summary": "SUSE Bug 1266625",
"url": "https://bugzilla.suse.com/1266625"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
}
],
"title": "Security update for docker-compose",
"tracking": {
"current_release_date": "2026-07-07T12:35:23Z",
"generator": {
"date": "2026-07-07T12:35:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:21247-1",
"initial_release_date": "2026-07-07T12:35:23Z",
"revision_history": [
{
"date": "2026-07-07T12:35:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.5.1.aarch64",
"product": {
"name": "docker-compose-2.33.1-160000.5.1.aarch64",
"product_id": "docker-compose-2.33.1-160000.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.5.1.ppc64le",
"product": {
"name": "docker-compose-2.33.1-160000.5.1.ppc64le",
"product_id": "docker-compose-2.33.1-160000.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.5.1.s390x",
"product": {
"name": "docker-compose-2.33.1-160000.5.1.s390x",
"product_id": "docker-compose-2.33.1-160000.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.5.1.x86_64",
"product": {
"name": "docker-compose-2.33.1-160000.5.1.x86_64",
"product_id": "docker-compose-2.33.1-160000.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le"
},
"product_reference": "docker-compose-2.33.1-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x"
},
"product_reference": "docker-compose-2.33.1-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0495"
}
],
"notes": [
{
"category": "general",
"text": "Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.\n\nCache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon\u0027s history records.\n\n\nThis vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0495",
"url": "https://www.suse.com/security/cve/CVE-2025-0495"
},
{
"category": "external",
"summary": "SUSE Bug 1239765 for CVE-2025-0495",
"url": "https://bugzilla.suse.com/1239765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T12:35:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-0495"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T12:35:23Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T12:35:23Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-compose-2.33.1-160000.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T12:35:23Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
}
]
}
OPENSUSE-SU-2026:21251-1
Vulnerability from csaf_opensuse - Published: 2026-07-07 17:00 - Updated: 2026-07-07 17:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for alloy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for alloy fixes the following issues:\n\nUpdate to version 1.17.0.\n\nSecurity issues fixed:\n\n- CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume excessive CPU time, possibly leading to\n denial of service (bsc#1267185).\n- CVE-2026-25681: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an\n unexpected HTML tree and allows for XSS (bsc#1267185).\n- CVE-2026-27136: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an\n unexpected HTML tree and allows for XSS (bsc#1267185).\n- CVE-2026-33532: yaml: parsing input with deeply nestes collections may throw a `RangeError` due to a stack overflow\n and cause to a denial of service (bsc#1260981).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266654).\n- CVE-2026-39827: golang.org/x/crypto/ssh: authenticated SSH clients that repeatedly open channels which were rejected\n by the server can cause unbounded memory growth and a crash (bsc#1266196).\n- CVE-2026-39828: golang.org/x/crypto/ssh: permissions discarded when an SSH server authentication callback returns\n `PartialSuccessError` with non-`nil` permissions (bsc#1266196).\n- CVE-2026-39829: golang.org/x/crypto/ssh: unenforced size limits on key parameters by the the RSA and DSA public key\n parsers can lead to excessive CPU consumption when processing a crafted public key (bsc#1266196).\n- CVE-2026-39830: golang.org/x/crypto/ssh: malicious SSH peers sending unsolicited global request responses can block a\n connection\u0027s read loop and cause a resource leak (bsc#1266196).\n- CVE-2026-39831: golang.org/x/crypto/ssh: missing `User Presence` flag checks in the `Verify()` method for FIDO/U2F\n security key types cause signatures generated without physical touch to be accepted (bsc#1266196).\n- CVE-2026-39832: golang.org/x/crypto/ssh: destination restrictions are silently stripped when forwarding keys and\n allow for unrestricted use of a key on a remote host (bsc#1266196).\n- CVE-2026-39833: golang.org/x/crypto/ssh: in-memory keyring returned by `NewKeyring()` silently accepts keys with the\n `ConfirmBeforeUse` constraint but never enforces it (bsc#1266196).\n- CVE-2026-39834: golang.org/x/crypto/ssh: writing data larger than 4GB in a single `Write` call on an SSH channel\n leads to an integer overflow and an infinite loop that sends empty packets (bsc#1266196).\n- CVE-2026-39835: golang.org/x/crypto/ssh: processing of certificates by SSH servers using `CertChecker` as a public\n key callback without setting `IsUserAuthority` or `IsHostAuthority` can lead to a panic (bsc#1266196).\n- CVE-2026-41889: github.com/jackc/pgx/v5/internal/sanitize: use placeholders in dollar-quoted string literals in an\n SQL query can lead to a SQL injection (bsc#1265440).\n- CVE-2026-42502: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an\n unexpected HTML tree and allows for XSS (bsc#1267185).\n- CVE-2026-42506: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an\n unexpected HTML tree and allows for XSS (bsc#1267185).\n- CVE-2026-42508: golang.org/x/crypto/ssh: revoked `SignatureKey`s belonging to a CA are not correctly checked for\n revocation (bsc#1266196).\n- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via\n infinite loops, panics or resource consumption (bsc#1267333).\n- CVE-2026-45678: go.opentelemetry.io/obi: Postgres BIND parsing can lead to a panic when malformed payloads are\n processed (bsc#1267481).\n- CVE-2026-45682: go.opentelemetry.io/obi: keys not deleted by `CappedConcurrentHashMap` after removals allows repeated\n connection churn to grow the queue without bound and exhaust heap memory (bsc#1267485).\n- CVE-2026-45685: go.opentelemetry.io/obi: MongoDB TCP parser panics on malformed wire messages and causes a DoS\n (bsc#1267488).\n- CVE-2026-45686: go.opentelemetry.io/obi: integer overflow in memcached text protocol parser can crash the OBI process\n and cause denial of service (bsc#1267489).\n- CVE-2026-46595: golang.org/x/crypto/ssh: source-address validation is skipped if any other type of callback is passed\n other than public key (bsc#1266196).\n- CVE-2026-46597: golang.org/x/crypto/ssh: incorrectly placed cast from bytes to int in the AES-GCM packet decoder when\n processing specially crafted input can lead to for server-side panic (bsc#1266196).\n- CVE-2026-46598: golang.org/x/crypto/ssh: `ed25519.PrivateKey` created by casting malformed wire bytes due to\n processing of certain crafted inputs can lead to panic when used (bsc#1266196).\n\nOther updates and bugfixes:\n\n- Version 1.17.0:\n * Features\n * Add GraphQL server and `gql` subcommand.\n * `otelcol`: Add Nginx receiver.\n * `otelcol.exporter.prometheus`: Convert classic histograms to NHCB.\n * `database_observability`: Various enhancements for MySQL and Postgres.\n * `faro.receiver`: Support gzip-compressed request bodies.\n * Update to Beyla 3.9.8.\n * Bug Fixes\n * security: Update `x/crypto`, `x/net`, `jackc/pgx/v5`, and `obi`.\n * cluster: Fix nodes failing to join the cluster with TLS enabled.\n * `loki.process`: Fix potential deadlocks and limit stage shutdown.\n * Update Go to v1.26.4.\n- Version 1.16.3:\n * cluster: Fix nodes failing to join the cluster when TLS is enabled.\n- Version 1.16.2:\n * `loki.process`: No longer mutate rules in `stage.truncate` causing every config update to reload pipeline when this\n stage is used.\n * `loki.process`: Potential deadlock on update with stage and receiver changes.\n * `otelcol.exporter.awss3`: Add missing `unique_key_func_name` attribute.\n- Remove dependency on vulnerable `yaml` library.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-1172",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21251-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1260981",
"url": "https://bugzilla.suse.com/1260981"
},
{
"category": "self",
"summary": "SUSE Bug 1265440",
"url": "https://bugzilla.suse.com/1265440"
},
{
"category": "self",
"summary": "SUSE Bug 1266196",
"url": "https://bugzilla.suse.com/1266196"
},
{
"category": "self",
"summary": "SUSE Bug 1266654",
"url": "https://bugzilla.suse.com/1266654"
},
{
"category": "self",
"summary": "SUSE Bug 1267185",
"url": "https://bugzilla.suse.com/1267185"
},
{
"category": "self",
"summary": "SUSE Bug 1267333",
"url": "https://bugzilla.suse.com/1267333"
},
{
"category": "self",
"summary": "SUSE Bug 1267481",
"url": "https://bugzilla.suse.com/1267481"
},
{
"category": "self",
"summary": "SUSE Bug 1267485",
"url": "https://bugzilla.suse.com/1267485"
},
{
"category": "self",
"summary": "SUSE Bug 1267488",
"url": "https://bugzilla.suse.com/1267488"
},
{
"category": "self",
"summary": "SUSE Bug 1267489",
"url": "https://bugzilla.suse.com/1267489"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33532 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33532/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41889 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45678 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45682 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45685 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45686 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for alloy",
"tracking": {
"current_release_date": "2026-07-07T17:00:29Z",
"generator": {
"date": "2026-07-07T17:00:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:21251-1",
"initial_release_date": "2026-07-07T17:00:29Z",
"revision_history": [
{
"date": "2026-07-07T17:00:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.17.0-160000.1.1.aarch64",
"product": {
"name": "alloy-1.17.0-160000.1.1.aarch64",
"product_id": "alloy-1.17.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.17.0-160000.1.1.ppc64le",
"product": {
"name": "alloy-1.17.0-160000.1.1.ppc64le",
"product_id": "alloy-1.17.0-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.17.0-160000.1.1.s390x",
"product": {
"name": "alloy-1.17.0-160000.1.1.s390x",
"product_id": "alloy-1.17.0-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.17.0-160000.1.1.x86_64",
"product": {
"name": "alloy-1.17.0-160000.1.1.x86_64",
"product_id": "alloy-1.17.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.17.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64"
},
"product_reference": "alloy-1.17.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.17.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le"
},
"product_reference": "alloy-1.17.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.17.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x"
},
"product_reference": "alloy-1.17.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.17.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
},
"product_reference": "alloy-1.17.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33532",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33532"
}
],
"notes": [
{
"category": "general",
"text": "`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2-10 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type. Depending on the host application\u0027s exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000-5,000 levels of nesting (2-10 KB input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library\u0027s `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33532",
"url": "https://www.suse.com/security/cve/CVE-2026-33532"
},
{
"category": "external",
"summary": "SUSE Bug 1260978 for CVE-2026-33532",
"url": "https://bugzilla.suse.com/1260978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-33532"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41889"
}
],
"notes": [
{
"category": "general",
"text": "pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a string literal, and the value of that placeholder is controllable by the attacker. This issue has been patched in version 5.9.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41889",
"url": "https://www.suse.com/security/cve/CVE-2026-41889"
},
{
"category": "external",
"summary": "SUSE Bug 1265433 for CVE-2026-41889",
"url": "https://bugzilla.suse.com/1265433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-41889"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "SUSE Bug 1267264 for CVE-2026-44740",
"url": "https://bugzilla.suse.com/1267264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-44740"
},
{
"cve": "CVE-2026-45678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45678"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic. This issue has been patched in version 0.9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45678",
"url": "https://www.suse.com/security/cve/CVE-2026-45678"
},
{
"category": "external",
"summary": "SUSE Bug 1267481 for CVE-2026-45678",
"url": "https://bugzilla.suse.com/1267481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-45678"
},
{
"cve": "CVE-2026-45682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45682"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. This issue has been patched in version 0.9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45682",
"url": "https://www.suse.com/security/cve/CVE-2026-45682"
},
{
"category": "external",
"summary": "SUSE Bug 1267485 for CVE-2026-45682",
"url": "https://bugzilla.suse.com/1267485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-45682"
},
{
"cve": "CVE-2026-45685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45685"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated, so a single crafted message can terminate telemetry collection for the affected process or node. This issue has been patched in version 0.9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45685",
"url": "https://www.suse.com/security/cve/CVE-2026-45685"
},
{
"category": "external",
"summary": "SUSE Bug 1267488 for CVE-2026-45685",
"url": "https://bugzilla.suse.com/1267488"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-45685"
},
{
"cve": "CVE-2026-45686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45686"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI\u0027s memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large \u003cbytes\u003e values and adds the payload delimiter length without checking for overflow. A crafted request with \u003cbytes\u003e set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45686",
"url": "https://www.suse.com/security/cve/CVE-2026-45686"
},
{
"category": "external",
"summary": "SUSE Bug 1267489 for CVE-2026-45686",
"url": "https://bugzilla.suse.com/1267489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-45686"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.17.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T17:00:29Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
RHSA-2026:23262
Vulnerability from csaf_redhat - Published: 2026-06-04 12:39 - Updated: 2026-07-10 16:54A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL's content attribute inside a `<meta>` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ngolang1.25:\n * golang1.25-1.25.11-2.hum1 (aarch64, x86_64)\n * golang1.25-bin-1.25.11-2.hum1 (aarch64, x86_64)\n * golang1.25-docs-1.25.11-2.hum1 (noarch)\n * golang1.25-misc-1.25.11-2.hum1 (noarch)\n * golang1.25-src-1.25.11-2.hum1 (noarch)\n * golang1.25-tests-1.25.11-2.hum1 (noarch)\n * golang1.25-1.25.11-2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23262",
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42504",
"url": "https://access.redhat.com/security/cve/CVE-2026-42504"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27145",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42507",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39826",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39836",
"url": "https://access.redhat.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39825",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39823",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42501",
"url": "https://access.redhat.com/security/cve/CVE-2026-42501"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23262.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-10T16:54:08+00:00",
"generator": {
"date": "2026-07-10T16:54:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:23262",
"initial_release_date": "2026-06-04T12:39:22+00:00",
"revision_history": [
{
"date": "2026-06-04T12:39:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-26T14:08:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@aarch64",
"product": {
"name": "golang1-25-main@aarch64",
"product_id": "golang1-25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@src",
"product": {
"name": "golang1-25-main@src",
"product_id": "golang1-25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@x86_64",
"product": {
"name": "golang1-25-main@x86_64",
"product_id": "golang1-25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@noarch",
"product": {
"name": "golang1-25-main@noarch",
"product_id": "golang1-25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25-docs@1.25.11-2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@aarch64"
},
"product_reference": "golang1-25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@noarch"
},
"product_reference": "golang1-25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@src"
},
"product_reference": "golang1-25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@x86_64"
},
"product_reference": "golang1-25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39823",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-07T20:00:58.284024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467811"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL\u0027s content attribute inside a `\u003cmeta\u003e` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship the Go `html/template` package as a dependency of various Go-based components. The affected functionality involves URL escaping inside `\u003cmeta\u003e` tag content attributes, which requires an application to render user-controlled URLs in meta tags using `html/template`. While the vulnerable code is present, exploitation requires a specific usage pattern that is uncommon in Red Hat product code paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "RHBZ#2467811",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467811"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39823",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://go.dev/cl/769920",
"url": "https://go.dev/cl/769920"
},
{
"category": "external",
"summary": "https://go.dev/issue/78913",
"url": "https://go.dev/issue/78913"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4982",
"url": "https://pkg.go.dev/vuln/GO-2026-4982"
}
],
"release_date": "2026-05-07T19:41:19.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Ensure that user-supplied URLs are validated and sanitized before being passed to Go\u0027s `html/template` package for rendering in HTML meta tag content attributes. Avoid rendering untrusted URL data directly in meta tag content attributes.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content"
},
{
"cve": "CVE-2026-39825",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2026-05-07T20:01:37.714133+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467823"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Go\u0027s net/http/httputil package where ReverseProxy can forward query parameters that are hidden from Rewrite or Director functions. This occurs when the number of query parameters exceeds the url.ParseQuery limit (controlled by the GODEBUG setting urlmaxqueryparams). While Red Hat ships Go-based components across many products, exploitation requires that an application use ReverseProxy with a Rewrite or Director function that relies on query parameter inspection for security enforcement, which limits the practical impact of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "RHBZ#2467823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://go.dev/cl/770541",
"url": "https://go.dev/cl/770541"
},
{
"category": "external",
"summary": "https://go.dev/issue/78948",
"url": "https://go.dev/issue/78948"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4976",
"url": "https://pkg.go.dev/vuln/GO-2026-4976"
}
],
"release_date": "2026-05-07T19:41:18.453000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Increase the maximum number of query parameters allowed by setting the GODEBUG environment variable `urlmaxqueryparams` to a higher value (e.g., `GODEBUG=urlmaxqueryparams=20000`), or validate and enforce security controls on query parameters at the backend service rather than relying solely on the ReverseProxy\u0027s Rewrite or Director function for security filtering.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls"
},
{
"cve": "CVE-2026-39826",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-07T20:01:46.305827+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467826"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only \u0027type\u0027 attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "RHBZ#2467826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39826",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://go.dev/cl/771180",
"url": "https://go.dev/cl/771180"
},
{
"category": "external",
"summary": "https://go.dev/issue/78981",
"url": "https://go.dev/issue/78981"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4980",
"url": "https://pkg.go.dev/vuln/GO-2026-4980"
}
],
"release_date": "2026-05-07T19:41:19.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping"
},
{
"cve": "CVE-2026-42507",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2026-06-02T23:01:03.125126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484205"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "RHBZ#2484205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42507",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42507"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://go.dev/cl/777060",
"url": "https://go.dev/cl/777060"
},
{
"category": "external",
"summary": "https://go.dev/issue/79346",
"url": "https://go.dev/issue/79346"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5039",
"url": "https://pkg.go.dev/vuln/GO-2026-5039"
}
],
"release_date": "2026-06-02T22:01:37.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in `golang.org/x/crypto/ssh/knownhosts` allows a remote attacker to bypass security checks. This vulnerability arises because the system fails to properly verify the revocation status of a Certificate Authority (CA) `SignatureKey`. In Red Hat environments, this could enable an attacker to present a revoked key, leading to its acceptance as valid and potentially granting unauthorized access or facilitating the spoofing of legitimate entities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.