Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-39830 (GCVE-0-2026-39830)
Vulnerability from cvelistv5 – Published: 2026-05-22 02:31 – Updated: 2026-07-08 12:05| URL | Tags |
|---|---|
| https://go.dev/issue/79564 | |
| https://groups.google.com/g/golang-announce/c/a08… | |
| https://go.dev/cl/781640 | |
| https://go.dev/cl/781664 | |
| https://pkg.go.dev/vuln/GO-2026-5017 | |
| https://access.redhat.com/security/cve/CVE-2026-39830 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2480684 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:36199 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:35833 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:29455 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:36625 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:36207 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:36319 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:36648 | vendor-advisoryx_refsource_REDHAT |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-39830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T18:54:26.306252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T18:54:54.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:9"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Workspaces Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-22T02:31:27.208Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:05:43.142Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"name": "RHBZ#2480684",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39830.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36199"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35833"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36625"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36207"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36319"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36648"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:36199: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35833: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:36625: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11"
},
{
"lang": "en",
"value": "RHSA-2026:36319: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T04:01:38.517Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-22T02:31:27.208Z",
"value": "Made public."
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/crypto/ssh",
"product": "golang.org/x/crypto/ssh",
"programRoutines": [
{
"name": "mux.SendRequest"
},
{
"name": "mux.handleGlobalPacket"
},
{
"name": "channel.handlePacket"
},
{
"name": "channel.SendRequest"
},
{
"name": "Client.Listen"
},
{
"name": "Client.ListenTCP"
},
{
"name": "Client.ListenUnix"
},
{
"name": "Dial"
},
{
"name": "NewClientConn"
},
{
"name": "NewServerConn"
},
{
"name": "Session.CombinedOutput"
},
{
"name": "Session.Output"
},
{
"name": "Session.RequestPty"
},
{
"name": "Session.RequestSubsystem"
},
{
"name": "Session.Run"
},
{
"name": "Session.SendRequest"
},
{
"name": "Session.Setenv"
},
{
"name": "Session.Shell"
},
{
"name": "Session.Signal"
},
{
"name": "Session.Start"
},
{
"name": "Session.WindowChange"
},
{
"name": "tcpListener.Close"
},
{
"name": "unixListener.Close"
}
],
"vendor": "golang.org/x/crypto",
"versions": [
{
"lessThan": "0.52.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group Cryptography Services, sponsored by Teleport"
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-833: Deadlock",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T02:31:27.208Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/79564"
},
{
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"url": "https://go.dev/cl/781640"
},
{
"url": "https://go.dev/cl/781664"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
}
],
"title": "Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-39830",
"datePublished": "2026-05-22T02:31:27.208Z",
"dateReserved": "2026-04-07T18:13:03.528Z",
"dateUpdated": "2026-07-08T12:05:43.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-39830",
"date": "2026-07-08",
"epss": "0.00513",
"percentile": "0.39989"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-39830\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-05-22T04:16:22.440\",\"lastModified\":\"2026-07-08T13:16:40.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"golang.org/x/crypto\",\"product\":\"golang.org/x/crypto/ssh\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/crypto/ssh\",\"programRoutines\":[{\"name\":\"mux.SendRequest\"},{\"name\":\"mux.handleGlobalPacket\"},{\"name\":\"channel.handlePacket\"},{\"name\":\"channel.SendRequest\"},{\"name\":\"Client.Listen\"},{\"name\":\"Client.ListenTCP\"},{\"name\":\"Client.ListenUnix\"},{\"name\":\"Dial\"},{\"name\":\"NewClientConn\"},{\"name\":\"NewServerConn\"},{\"name\":\"Session.CombinedOutput\"},{\"name\":\"Session.Output\"},{\"name\":\"Session.RequestPty\"},{\"name\":\"Session.RequestSubsystem\"},{\"name\":\"Session.Run\"},{\"name\":\"Session.SendRequest\"},{\"name\":\"Session.Setenv\"},{\"name\":\"Session.Shell\"},{\"name\":\"Session.Signal\"},{\"name\":\"Session.Start\"},{\"name\":\"Session.WindowChange\"},{\"name\":\"tcpListener.Close\"},{\"name\":\"unixListener.Close\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.52.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.7.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Workspaces Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-22T18:54:26.306252Z\",\"id\":\"CVE-2026-39830\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-772\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.52.0\",\"matchCriteriaId\":\"D540395B-31B8-4B07-8F79-F5C631BBD5C8\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/781640\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://go.dev/cl/781664\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://go.dev/issue/79564\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/a082jnz-LvI\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-5017\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29455\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35833\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36199\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36207\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36319\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36625\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36648\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-39830\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2480684\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39830.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:assisted_installer:2\"], \"vendor\": \"Red Hat\", \"product\": \"Assisted Installer for Red Hat OpenShift Container Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_builds:1\"], \"vendor\": \"Red Hat\", \"product\": \"Builds for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:devworkspace\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Workspaces Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:windows_machine_config\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift for Windows Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_service_on_aws:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift on AWS\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_security_profiles_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Security Profiles Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-22T04:01:38.517Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-22T02:31:27.208Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:35833: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-22T02:31:27.208Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-39830\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2480684\", \"name\": \"RHBZ#2480684\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39830.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35833\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29455\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-772\", \"description\": \"Missing Release of Resource after Effective Lifetime\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-07T12:04:46.932Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-39830\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-22T18:54:26.306252Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-22T18:54:49.174Z\"}}], \"cna\": {\"title\": \"Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\", \"credits\": [{\"lang\": \"en\", \"value\": \"NCC Group Cryptography Services, sponsored by Teleport\"}], \"affected\": [{\"vendor\": \"golang.org/x/crypto\", \"product\": \"golang.org/x/crypto/ssh\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.52.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/crypto/ssh\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"mux.SendRequest\"}, {\"name\": \"mux.handleGlobalPacket\"}, {\"name\": \"channel.handlePacket\"}, {\"name\": \"channel.SendRequest\"}, {\"name\": \"Client.Listen\"}, {\"name\": \"Client.ListenTCP\"}, {\"name\": \"Client.ListenUnix\"}, {\"name\": \"Dial\"}, {\"name\": \"NewClientConn\"}, {\"name\": \"NewServerConn\"}, {\"name\": \"Session.CombinedOutput\"}, {\"name\": \"Session.Output\"}, {\"name\": \"Session.RequestPty\"}, {\"name\": \"Session.RequestSubsystem\"}, {\"name\": \"Session.Run\"}, {\"name\": \"Session.SendRequest\"}, {\"name\": \"Session.Setenv\"}, {\"name\": \"Session.Shell\"}, {\"name\": \"Session.Signal\"}, {\"name\": \"Session.Start\"}, {\"name\": \"Session.WindowChange\"}, {\"name\": \"tcpListener.Close\"}, {\"name\": \"unixListener.Close\"}]}], \"references\": [{\"url\": \"https://go.dev/issue/79564\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/a082jnz-LvI\"}, {\"url\": \"https://go.dev/cl/781640\"}, {\"url\": \"https://go.dev/cl/781664\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-5017\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-833: Deadlock\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-05-22T02:31:27.208Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-39830\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-07T12:04:46.932Z\", \"dateReserved\": \"2026-04-07T18:13:03.528Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-05-22T02:31:27.208Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:36797
Vulnerability from csaf_redhat - Published: 2026-07-08 15:46 - Updated: 2026-07-08 23:34A flaw was found in the `crypto/x509` package of `golang`. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name (SAN) entries. The certificate verification process, specifically the `VerifyHostname` function, incurs excessive computational overhead due to repeated string operations when processing these entries. This can lead to a significant performance degradation or unresponsiveness of systems validating such certificates.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the unrestricted use of the key on the remote host. This vulnerability could enable an attacker to bypass intended security controls and perform unauthorized actions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/agent. The NewKeyring() function, which creates an in-memory keyring, failed to enforce the ConfirmBeforeUse constraint on keys. This allowed keys configured to require user confirmation before use to perform signing operations without any prompt or indication to the user. Consequently, an attacker could potentially bypass intended security controls, leading to unauthorized cryptographic signing actions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access to the `/-/config` HTTP API endpoint to view the Azure OAuth client secret in plaintext. This vulnerability leads to information disclosure, potentially compromising the security of integrated Azure AD services.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.4.2 release of the RHTAS CLIs.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS CLI Stack images for RHTAS 1.4.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36797",
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27145",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39828",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39829",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39830",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39832",
"url": "https://access.redhat.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39833",
"url": "https://access.redhat.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39835",
"url": "https://access.redhat.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42151",
"url": "https://access.redhat.com/security/cve/CVE-2026-42151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36797.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.4.2 - CLI Stack Release",
"tracking": {
"current_release_date": "2026-07-08T23:34:09+00:00",
"generator": {
"date": "2026-07-08T23:34:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36797",
"initial_release_date": "2026-07-08T15:46:32+00:00",
"revision_history": [
{
"date": "2026-07-08T15:46:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-08T15:46:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T23:34:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.4",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "conforma-cli-stack-v1-4@amd64_darwin",
"product": {
"name": "conforma-cli-stack-v1-4@amd64_darwin",
"product_id": "conforma-cli-stack-v1-4@amd64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/conforma-cli-stack-v1-4@1.4.2?filename=ec_darwin_amd64.tar.gz\u0026checksum=sha256:0344b4e6a24947a5d5bb150114c457c99c7c1f4b987b7325c599103b2620f0b1\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "cosign-cli-stack-v1-4@amd64_darwin",
"product": {
"name": "cosign-cli-stack-v1-4@amd64_darwin",
"product_id": "cosign-cli-stack-v1-4@amd64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/cosign-cli-stack-v1-4@1.4.2?filename=cosign_darwin_amd64.tar.gz\u0026checksum=sha256:8eea0dd7273667cb6a00783550f90598569988533d1df3e9ead97062f52c3ad0\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"product": {
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"product_id": "fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/fetch-tsa-certs-cli-stack-v1-4@1.4.2?filename=fetch_tsa_certs_darwin_amd64.tar.gz\u0026checksum=sha256:cc3daa1b5f8a0154f2ede5fec3c9d9755f6f8bafd44aac6801f61d3788b0a852\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "gitsign-cli-stack-v1-4@amd64_darwin",
"product": {
"name": "gitsign-cli-stack-v1-4@amd64_darwin",
"product_id": "gitsign-cli-stack-v1-4@amd64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/gitsign-cli-stack-v1-4@1.4.2?filename=gitsign_cli_darwin_amd64.tar.gz\u0026checksum=sha256:40a44daf09563a272b303a57306fce013945da9e9267da5c0095ba30fe1ac954\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "model-transparency-cli-stack-v1-4@amd64_darwin",
"product": {
"name": "model-transparency-cli-stack-v1-4@amd64_darwin",
"product_id": "model-transparency-cli-stack-v1-4@amd64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/model-transparency-cli-stack-v1-4@1.4.2?filename=model_transparency_cli_darwin_amd64.tar.gz\u0026checksum=sha256:9d8083d8956c3a5b6af761879ae66699f09be16b5a2d46d0829f0369e722bbc3\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "rekor-cli-stack-v1-4@amd64_darwin",
"product": {
"name": "rekor-cli-stack-v1-4@amd64_darwin",
"product_id": "rekor-cli-stack-v1-4@amd64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/rekor-cli-stack-v1-4@1.4.2?filename=rekor_cli_darwin_amd64.tar.gz\u0026checksum=sha256:d026b169014317d85fc71bef3ca52fdf421b57248479413097853e47118de188\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "trillian-cli-stack-v1-4@amd64_darwin",
"product": {
"name": "trillian-cli-stack-v1-4@amd64_darwin",
"product_id": "trillian-cli-stack-v1-4@amd64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/trillian-cli-stack-v1-4@1.4.2?filename=updatetree_darwin_amd64.tar.gz\u0026checksum=sha256:d11811c053131069d6a7937f2ee81aacf29aa5e0dc0e4fc2c21fcf219b4c1384\u0026download_url=https://developers.qa.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "amd64_darwin"
},
{
"branches": [
{
"category": "product_version",
"name": "conforma-cli-stack-v1-4@arm64_darwin",
"product": {
"name": "conforma-cli-stack-v1-4@arm64_darwin",
"product_id": "conforma-cli-stack-v1-4@arm64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/conforma-cli-stack-v1-4@1.4.2?filename=ec_darwin_arm64.tar.gz\u0026checksum=sha256:f15eb4c22d7a540a06aa2042fe689924606fa28c9c20a8d645619f4e3de5a449\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "cosign-cli-stack-v1-4@arm64_darwin",
"product": {
"name": "cosign-cli-stack-v1-4@arm64_darwin",
"product_id": "cosign-cli-stack-v1-4@arm64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/cosign-cli-stack-v1-4@1.4.2?filename=cosign_darwin_arm64.tar.gz\u0026checksum=sha256:32a80cab00f2e3b94dd7614e19ba09d5a94f22c10939ca4ca06fc461e6c4b4ec\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"product": {
"name": "fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"product_id": "fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/fetch-tsa-certs-cli-stack-v1-4@1.4.2?filename=fetch_tsa_certs_darwin_arm64.tar.gz\u0026checksum=sha256:1e3c1789230f060f1225182f7f6caec445f7c04f6d9d29078151338654352f5b\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "gitsign-cli-stack-v1-4@arm64_darwin",
"product": {
"name": "gitsign-cli-stack-v1-4@arm64_darwin",
"product_id": "gitsign-cli-stack-v1-4@arm64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/gitsign-cli-stack-v1-4@1.4.2?filename=gitsign_cli_darwin_arm64.tar.gz\u0026checksum=sha256:024e50fa4e9349e0468680ac94e281daefbcda7acc4a14db61052a242ace37a7\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "model-transparency-cli-stack-v1-4@arm64_darwin",
"product": {
"name": "model-transparency-cli-stack-v1-4@arm64_darwin",
"product_id": "model-transparency-cli-stack-v1-4@arm64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/model-transparency-cli-stack-v1-4@1.4.2?filename=model_transparency_cli_darwin_arm64.tar.gz\u0026checksum=sha256:7b86c47c8564a533fb2a5194306857aa9c2b8fca16f8de9a8e242fa58ce3b700\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "rekor-cli-stack-v1-4@arm64_darwin",
"product": {
"name": "rekor-cli-stack-v1-4@arm64_darwin",
"product_id": "rekor-cli-stack-v1-4@arm64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/rekor-cli-stack-v1-4@1.4.2?filename=rekor_cli_darwin_arm64.tar.gz\u0026checksum=sha256:7fd467b7fe65bb4294db426efc9bf264bee8e7773341abac7a8503905464e029\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "trillian-cli-stack-v1-4@arm64_darwin",
"product": {
"name": "trillian-cli-stack-v1-4@arm64_darwin",
"product_id": "trillian-cli-stack-v1-4@arm64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/trillian-cli-stack-v1-4@1.4.2?filename=updatetree_darwin_arm64.tar.gz\u0026checksum=sha256:9a6e31af8de1aecbc209eb371c70cb8a40fa13ac076200c717ef32c52fdf1c32\u0026download_url=https://developers.qa.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "arm64_darwin"
},
{
"branches": [
{
"category": "product_version",
"name": "conforma-cli-stack-v1-4@amd64",
"product": {
"name": "conforma-cli-stack-v1-4@amd64",
"product_id": "conforma-cli-stack-v1-4@amd64",
"product_identification_helper": {
"purl": "pkg:generic/conforma-cli-stack-v1-4@1.4.2?filename=ec_linux_amd64.tar.gz\u0026checksum=sha256:1ff31ed89331b18828e430c5b8ab74f6af01ce6767796d630b5f3a9b17b28dc6\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "cosign-cli-stack-v1-4@amd64",
"product": {
"name": "cosign-cli-stack-v1-4@amd64",
"product_id": "cosign-cli-stack-v1-4@amd64",
"product_identification_helper": {
"purl": "pkg:generic/cosign-cli-stack-v1-4@1.4.2?filename=cosign_linux_amd64.tar.gz\u0026checksum=sha256:6b31c7f26dc20a7903ee0ff5fddf9b28f445d25caa4d6cf789ceaa5ca70ce112\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64",
"product": {
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64",
"product_id": "fetch-tsa-certs-cli-stack-v1-4@amd64",
"product_identification_helper": {
"purl": "pkg:generic/fetch-tsa-certs-cli-stack-v1-4@1.4.2?filename=fetch_tsa_certs_linux_amd64.tar.gz\u0026checksum=sha256:93720b9c3c48d7f94e885f9250bde724b9ea9f99e9b5c6263746c9d5b94be04e\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "gitsign-cli-stack-v1-4@amd64",
"product": {
"name": "gitsign-cli-stack-v1-4@amd64",
"product_id": "gitsign-cli-stack-v1-4@amd64",
"product_identification_helper": {
"purl": "pkg:generic/gitsign-cli-stack-v1-4@1.4.2?filename=gitsign_cli_linux_amd64.tar.gz\u0026checksum=sha256:e51c54d5cf34895b8f7c3b391ba7070aac61a557f84f50fb223597412da03414\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "model-transparency-cli-stack-v1-4@amd64",
"product": {
"name": "model-transparency-cli-stack-v1-4@amd64",
"product_id": "model-transparency-cli-stack-v1-4@amd64",
"product_identification_helper": {
"purl": "pkg:generic/model-transparency-cli-stack-v1-4@1.4.2?filename=model_transparency_cli_pkcs11_linux_amd64.tar.gz\u0026checksum=sha256:cd613b774b604748640e3b70519fbef26f47740e9e615f1806ff168c6be5d423\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "rekor-cli-stack-v1-4@amd64",
"product": {
"name": "rekor-cli-stack-v1-4@amd64",
"product_id": "rekor-cli-stack-v1-4@amd64",
"product_identification_helper": {
"purl": "pkg:generic/rekor-cli-stack-v1-4@1.4.2?filename=rekor_cli_linux_amd64.tar.gz\u0026checksum=sha256:2b1bebaca059a78c9c6c15941f1a03960cd515bf76fe61dc325b5487c0bf5839\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "trillian-cli-stack-v1-4@amd64",
"product": {
"name": "trillian-cli-stack-v1-4@amd64",
"product_id": "trillian-cli-stack-v1-4@amd64",
"product_identification_helper": {
"purl": "pkg:generic/trillian-cli-stack-v1-4@1.4.2?filename=updatetree_linux_amd64.tar.gz\u0026checksum=sha256:a9e25e8e3287e4c49d2d5c8d594fd8997c14e9d5f12c19ebe7d2a4be3a367186\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "tuftool-cli-stack-v1-4@amd64",
"product": {
"name": "tuftool-cli-stack-v1-4@amd64",
"product_id": "tuftool-cli-stack-v1-4@amd64",
"product_identification_helper": {
"purl": "pkg:generic/tuftool-cli-stack-v1-4@1.4.2?filename=tuftool_linux_amd64.tar.gz\u0026checksum=sha256:3a83ac0e1ba4cf6827ff5b38f5f44c94427ef85beb860325e6ccd116a0b60dce\u0026download_url=https://developers.qa.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "conforma-cli-stack-v1-4@arm64",
"product": {
"name": "conforma-cli-stack-v1-4@arm64",
"product_id": "conforma-cli-stack-v1-4@arm64",
"product_identification_helper": {
"purl": "pkg:generic/conforma-cli-stack-v1-4@1.4.2?filename=ec_linux_arm64.tar.gz\u0026checksum=sha256:e37f9344035bed820ae772b9f94c1bbc9e3ae8c394f29ceea57e390fd286031d\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "cosign-cli-stack-v1-4@arm64",
"product": {
"name": "cosign-cli-stack-v1-4@arm64",
"product_id": "cosign-cli-stack-v1-4@arm64",
"product_identification_helper": {
"purl": "pkg:generic/cosign-cli-stack-v1-4@1.4.2?filename=cosign_linux_arm64.tar.gz\u0026checksum=sha256:5038ef7ea154bd08e7625ec77014acbd7cdd1139bcd174242d39064a8b97320c\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "fetch-tsa-certs-cli-stack-v1-4@arm64",
"product": {
"name": "fetch-tsa-certs-cli-stack-v1-4@arm64",
"product_id": "fetch-tsa-certs-cli-stack-v1-4@arm64",
"product_identification_helper": {
"purl": "pkg:generic/fetch-tsa-certs-cli-stack-v1-4@1.4.2?filename=fetch_tsa_certs_linux_arm64.tar.gz\u0026checksum=sha256:88f469ea1387b26654726e60b9a34cd078cabbc50b45fdbdc3197b83faec324e\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "gitsign-cli-stack-v1-4@arm64",
"product": {
"name": "gitsign-cli-stack-v1-4@arm64",
"product_id": "gitsign-cli-stack-v1-4@arm64",
"product_identification_helper": {
"purl": "pkg:generic/gitsign-cli-stack-v1-4@1.4.2?filename=gitsign_cli_linux_arm64.tar.gz\u0026checksum=sha256:5bfe15a942a73fec6864df3a2acf02b34947b25aeb022094f9dbc6f32a173af2\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "model-transparency-cli-stack-v1-4@arm64",
"product": {
"name": "model-transparency-cli-stack-v1-4@arm64",
"product_id": "model-transparency-cli-stack-v1-4@arm64",
"product_identification_helper": {
"purl": "pkg:generic/model-transparency-cli-stack-v1-4@1.4.2?filename=model_transparency_cli_pkcs11_linux_arm64.tar.gz\u0026checksum=sha256:4067226e5e8708b1304349d996d5d004d9f827f8baa64e32759bbb25e5d9e883\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "rekor-cli-stack-v1-4@arm64",
"product": {
"name": "rekor-cli-stack-v1-4@arm64",
"product_id": "rekor-cli-stack-v1-4@arm64",
"product_identification_helper": {
"purl": "pkg:generic/rekor-cli-stack-v1-4@1.4.2?filename=rekor_cli_linux_arm64.tar.gz\u0026checksum=sha256:5129a9e3adeecb6e1d1ec0346e8bf38f5b19281009b92b45a157b211bc39b809\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "trillian-cli-stack-v1-4@arm64",
"product": {
"name": "trillian-cli-stack-v1-4@arm64",
"product_id": "trillian-cli-stack-v1-4@arm64",
"product_identification_helper": {
"purl": "pkg:generic/trillian-cli-stack-v1-4@1.4.2?filename=updatetree_linux_arm64.tar.gz\u0026checksum=sha256:2b094f8dbb25de8d4484065c9f3ee819a97fb67fd4d72088256ca0478f8821a7\u0026download_url=https://developers.qa.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "conforma-cli-stack-v1-4@ppc64le",
"product": {
"name": "conforma-cli-stack-v1-4@ppc64le",
"product_id": "conforma-cli-stack-v1-4@ppc64le",
"product_identification_helper": {
"purl": "pkg:generic/conforma-cli-stack-v1-4@1.4.2?filename=ec_linux_ppc64le.tar.gz\u0026checksum=sha256:2f5cbaabac374a8b61295858bfe984191a881970ebe17be83c3ba35c329fe13a\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "cosign-cli-stack-v1-4@ppc64le",
"product": {
"name": "cosign-cli-stack-v1-4@ppc64le",
"product_id": "cosign-cli-stack-v1-4@ppc64le",
"product_identification_helper": {
"purl": "pkg:generic/cosign-cli-stack-v1-4@1.4.2?filename=cosign_linux_ppc64le.tar.gz\u0026checksum=sha256:f3a5b8bd3928810ff4cd3469bd1b2c02c5310c0e9407477ac6ba38ce3b09fbb4\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"product": {
"name": "fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"product_id": "fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"product_identification_helper": {
"purl": "pkg:generic/fetch-tsa-certs-cli-stack-v1-4@1.4.2?filename=fetch_tsa_certs_linux_ppc64le.tar.gz\u0026checksum=sha256:25f972648cb2323dba8f825580d6b2de1e88db333c6ed78ad9832a094ea5dcad\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "gitsign-cli-stack-v1-4@ppc64le",
"product": {
"name": "gitsign-cli-stack-v1-4@ppc64le",
"product_id": "gitsign-cli-stack-v1-4@ppc64le",
"product_identification_helper": {
"purl": "pkg:generic/gitsign-cli-stack-v1-4@1.4.2?filename=gitsign_cli_linux_ppc64le.tar.gz\u0026checksum=sha256:99ed9ec270447d3b009e0ecf57e71620f39868e8b56d9c9be0bf239e5f07bf39\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "model-transparency-cli-stack-v1-4@ppc64le",
"product": {
"name": "model-transparency-cli-stack-v1-4@ppc64le",
"product_id": "model-transparency-cli-stack-v1-4@ppc64le",
"product_identification_helper": {
"purl": "pkg:generic/model-transparency-cli-stack-v1-4@1.4.2?filename=model_transparency_cli_pkcs11_linux_ppc64le.tar.gz\u0026checksum=sha256:9157f1e0a3f483f544c5a8b5d72886f422d1e8111ec75131adf6ee5f6146f1f7\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "rekor-cli-stack-v1-4@ppc64le",
"product": {
"name": "rekor-cli-stack-v1-4@ppc64le",
"product_id": "rekor-cli-stack-v1-4@ppc64le",
"product_identification_helper": {
"purl": "pkg:generic/rekor-cli-stack-v1-4@1.4.2?filename=rekor_cli_linux_ppc64le.tar.gz\u0026checksum=sha256:75d28c4e81f7496b0a927a44e0fce9a766e95a8e383126ac5feb432ec501cc54\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "trillian-cli-stack-v1-4@ppc64le",
"product": {
"name": "trillian-cli-stack-v1-4@ppc64le",
"product_id": "trillian-cli-stack-v1-4@ppc64le",
"product_identification_helper": {
"purl": "pkg:generic/trillian-cli-stack-v1-4@1.4.2?filename=updatetree_linux_ppc64le.tar.gz\u0026checksum=sha256:d90e1c644c394300a3e8234a945ee1d70e09ae8c37eb7aee5a3683017c864cbc\u0026download_url=https://developers.qa.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "conforma-cli-stack-v1-4@s390x",
"product": {
"name": "conforma-cli-stack-v1-4@s390x",
"product_id": "conforma-cli-stack-v1-4@s390x",
"product_identification_helper": {
"purl": "pkg:generic/conforma-cli-stack-v1-4@1.4.2?filename=ec_linux_s390x.tar.gz\u0026checksum=sha256:ae497f4c2974c0022303a3e1815605ca5e3115d17707b9f75238e3b739fa301a\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "cosign-cli-stack-v1-4@s390x",
"product": {
"name": "cosign-cli-stack-v1-4@s390x",
"product_id": "cosign-cli-stack-v1-4@s390x",
"product_identification_helper": {
"purl": "pkg:generic/cosign-cli-stack-v1-4@1.4.2?filename=cosign_linux_s390x.tar.gz\u0026checksum=sha256:ce8878b50b0c0d3a3828635e4b1045f0bb5f6deeafc1be8fb8ee9cfd2b65fc9d\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "fetch-tsa-certs-cli-stack-v1-4@s390x",
"product": {
"name": "fetch-tsa-certs-cli-stack-v1-4@s390x",
"product_id": "fetch-tsa-certs-cli-stack-v1-4@s390x",
"product_identification_helper": {
"purl": "pkg:generic/fetch-tsa-certs-cli-stack-v1-4@1.4.2?filename=fetch_tsa_certs_linux_s390x.tar.gz\u0026checksum=sha256:f73ce30aa019d116998479b58b4cafc03b3fbca16cc47101ea3e78845146f917\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "gitsign-cli-stack-v1-4@s390x",
"product": {
"name": "gitsign-cli-stack-v1-4@s390x",
"product_id": "gitsign-cli-stack-v1-4@s390x",
"product_identification_helper": {
"purl": "pkg:generic/gitsign-cli-stack-v1-4@1.4.2?filename=gitsign_cli_linux_s390x.tar.gz\u0026checksum=sha256:bac01104b8e4c112f0dd82af9d8a4f3ca78bbfefb4f88713eac5875bbff1b28a\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "model-transparency-cli-stack-v1-4@s390x",
"product": {
"name": "model-transparency-cli-stack-v1-4@s390x",
"product_id": "model-transparency-cli-stack-v1-4@s390x",
"product_identification_helper": {
"purl": "pkg:generic/model-transparency-cli-stack-v1-4@1.4.2?filename=model_transparency_cli_pkcs11_linux_s390x.tar.gz\u0026checksum=sha256:1bd24d59d4cebf682f6780da1bbd21e53cebf5f1ac7acfcac360a37a3c06c10c\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "rekor-cli-stack-v1-4@s390x",
"product": {
"name": "rekor-cli-stack-v1-4@s390x",
"product_id": "rekor-cli-stack-v1-4@s390x",
"product_identification_helper": {
"purl": "pkg:generic/rekor-cli-stack-v1-4@1.4.2?filename=rekor_cli_linux_s390x.tar.gz\u0026checksum=sha256:7e8de71d98a483e9fd07e1c79425bd7b3909bf1ebfa2ded9663c835819f280d2\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "trillian-cli-stack-v1-4@s390x",
"product": {
"name": "trillian-cli-stack-v1-4@s390x",
"product_id": "trillian-cli-stack-v1-4@s390x",
"product_identification_helper": {
"purl": "pkg:generic/trillian-cli-stack-v1-4@1.4.2?filename=updatetree_linux_s390x.tar.gz\u0026checksum=sha256:994a0886ef2ce20919b9422a72a900e85e76817874076fb4981c00dacc73837f\u0026download_url=https://developers.qa.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "conforma-cli-stack-v1-4@amd64_windows",
"product": {
"name": "conforma-cli-stack-v1-4@amd64_windows",
"product_id": "conforma-cli-stack-v1-4@amd64_windows",
"product_identification_helper": {
"purl": "pkg:generic/conforma-cli-stack-v1-4@1.4.2?filename=ec_windows_amd64.zip\u0026checksum=sha256:08c6c5625f35891f5d902aa8e96e8081f7b8f6c331298faf124d657fe389afe1\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "cosign-cli-stack-v1-4@amd64_windows",
"product": {
"name": "cosign-cli-stack-v1-4@amd64_windows",
"product_id": "cosign-cli-stack-v1-4@amd64_windows",
"product_identification_helper": {
"purl": "pkg:generic/cosign-cli-stack-v1-4@1.4.2?filename=cosign_windows_amd64.zip\u0026checksum=sha256:6238651a35a50a6c45014f03d744c593a4d81a7b2bfc124204cd13616ff8388c\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"product": {
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"product_id": "fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"product_identification_helper": {
"purl": "pkg:generic/fetch-tsa-certs-cli-stack-v1-4@1.4.2?filename=fetch_tsa_certs_windows_amd64.zip\u0026checksum=sha256:56491ee25bb1a67b612246bf5d4c57021d8545a3031ca010f9ccc9fc6136d2ed\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "gitsign-cli-stack-v1-4@amd64_windows",
"product": {
"name": "gitsign-cli-stack-v1-4@amd64_windows",
"product_id": "gitsign-cli-stack-v1-4@amd64_windows",
"product_identification_helper": {
"purl": "pkg:generic/gitsign-cli-stack-v1-4@1.4.2?filename=gitsign_cli_windows_amd64.zip\u0026checksum=sha256:a5760ac48ebeed01a3d3391eaa6cd91e7e2cb2854f317c07446b4599772997ff\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "model-transparency-cli-stack-v1-4@amd64_windows",
"product": {
"name": "model-transparency-cli-stack-v1-4@amd64_windows",
"product_id": "model-transparency-cli-stack-v1-4@amd64_windows",
"product_identification_helper": {
"purl": "pkg:generic/model-transparency-cli-stack-v1-4@1.4.2?filename=model_transparency_cli_windows_amd64.exe.gz\u0026checksum=sha256:ea9d1ce76fb5c7a8b2d1b6c91157a3b2c9cf021c80bcff773342e7bd7b2bdc90\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "rekor-cli-stack-v1-4@amd64_windows",
"product": {
"name": "rekor-cli-stack-v1-4@amd64_windows",
"product_id": "rekor-cli-stack-v1-4@amd64_windows",
"product_identification_helper": {
"purl": "pkg:generic/rekor-cli-stack-v1-4@1.4.2?filename=rekor_cli_windows_amd64.zip\u0026checksum=sha256:31f0e4ddf6b49ab3c8c6513a1b947ea850b8250287e0a60ac6f6abbbf0c622d9\u0026download_url=https://developers.qa.redhat.com/products"
}
}
},
{
"category": "product_version",
"name": "trillian-cli-stack-v1-4@amd64_windows",
"product": {
"name": "trillian-cli-stack-v1-4@amd64_windows",
"product_id": "trillian-cli-stack-v1-4@amd64_windows",
"product_identification_helper": {
"purl": "pkg:generic/trillian-cli-stack-v1-4@1.4.2?filename=updatetree_windows_amd64.zip\u0026checksum=sha256:98bbdfa1f5625480ecd4b2bb2e8d90e1314449b03dfd2f67feaad316cdb7a82e\u0026download_url=https://developers.qa.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "amd64_windows"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "conforma-cli-stack-v1-4@amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64"
},
"product_reference": "conforma-cli-stack-v1-4@amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conforma-cli-stack-v1-4@amd64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin"
},
"product_reference": "conforma-cli-stack-v1-4@amd64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conforma-cli-stack-v1-4@amd64_windows as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows"
},
"product_reference": "conforma-cli-stack-v1-4@amd64_windows",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conforma-cli-stack-v1-4@arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64"
},
"product_reference": "conforma-cli-stack-v1-4@arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conforma-cli-stack-v1-4@arm64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin"
},
"product_reference": "conforma-cli-stack-v1-4@arm64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conforma-cli-stack-v1-4@ppc64le as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le"
},
"product_reference": "conforma-cli-stack-v1-4@ppc64le",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conforma-cli-stack-v1-4@s390x as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
},
"product_reference": "conforma-cli-stack-v1-4@s390x",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-cli-stack-v1-4@amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64"
},
"product_reference": "cosign-cli-stack-v1-4@amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-cli-stack-v1-4@amd64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin"
},
"product_reference": "cosign-cli-stack-v1-4@amd64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-cli-stack-v1-4@amd64_windows as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows"
},
"product_reference": "cosign-cli-stack-v1-4@amd64_windows",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-cli-stack-v1-4@arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64"
},
"product_reference": "cosign-cli-stack-v1-4@arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-cli-stack-v1-4@arm64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin"
},
"product_reference": "cosign-cli-stack-v1-4@arm64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-cli-stack-v1-4@ppc64le as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le"
},
"product_reference": "cosign-cli-stack-v1-4@ppc64le",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-cli-stack-v1-4@s390x as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x"
},
"product_reference": "cosign-cli-stack-v1-4@s390x",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64"
},
"product_reference": "fetch-tsa-certs-cli-stack-v1-4@amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin"
},
"product_reference": "fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetch-tsa-certs-cli-stack-v1-4@amd64_windows as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows"
},
"product_reference": "fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetch-tsa-certs-cli-stack-v1-4@arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64"
},
"product_reference": "fetch-tsa-certs-cli-stack-v1-4@arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetch-tsa-certs-cli-stack-v1-4@arm64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin"
},
"product_reference": "fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetch-tsa-certs-cli-stack-v1-4@ppc64le as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le"
},
"product_reference": "fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetch-tsa-certs-cli-stack-v1-4@s390x as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x"
},
"product_reference": "fetch-tsa-certs-cli-stack-v1-4@s390x",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitsign-cli-stack-v1-4@amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64"
},
"product_reference": "gitsign-cli-stack-v1-4@amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitsign-cli-stack-v1-4@amd64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin"
},
"product_reference": "gitsign-cli-stack-v1-4@amd64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitsign-cli-stack-v1-4@amd64_windows as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows"
},
"product_reference": "gitsign-cli-stack-v1-4@amd64_windows",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitsign-cli-stack-v1-4@arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64"
},
"product_reference": "gitsign-cli-stack-v1-4@arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitsign-cli-stack-v1-4@arm64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin"
},
"product_reference": "gitsign-cli-stack-v1-4@arm64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitsign-cli-stack-v1-4@ppc64le as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le"
},
"product_reference": "gitsign-cli-stack-v1-4@ppc64le",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitsign-cli-stack-v1-4@s390x as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x"
},
"product_reference": "gitsign-cli-stack-v1-4@s390x",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "model-transparency-cli-stack-v1-4@amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64"
},
"product_reference": "model-transparency-cli-stack-v1-4@amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "model-transparency-cli-stack-v1-4@amd64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin"
},
"product_reference": "model-transparency-cli-stack-v1-4@amd64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "model-transparency-cli-stack-v1-4@amd64_windows as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows"
},
"product_reference": "model-transparency-cli-stack-v1-4@amd64_windows",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "model-transparency-cli-stack-v1-4@arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64"
},
"product_reference": "model-transparency-cli-stack-v1-4@arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "model-transparency-cli-stack-v1-4@arm64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin"
},
"product_reference": "model-transparency-cli-stack-v1-4@arm64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "model-transparency-cli-stack-v1-4@ppc64le as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le"
},
"product_reference": "model-transparency-cli-stack-v1-4@ppc64le",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "model-transparency-cli-stack-v1-4@s390x as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x"
},
"product_reference": "model-transparency-cli-stack-v1-4@s390x",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-cli-stack-v1-4@amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64"
},
"product_reference": "rekor-cli-stack-v1-4@amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-cli-stack-v1-4@amd64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin"
},
"product_reference": "rekor-cli-stack-v1-4@amd64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-cli-stack-v1-4@amd64_windows as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows"
},
"product_reference": "rekor-cli-stack-v1-4@amd64_windows",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-cli-stack-v1-4@arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64"
},
"product_reference": "rekor-cli-stack-v1-4@arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-cli-stack-v1-4@arm64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin"
},
"product_reference": "rekor-cli-stack-v1-4@arm64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-cli-stack-v1-4@ppc64le as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le"
},
"product_reference": "rekor-cli-stack-v1-4@ppc64le",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-cli-stack-v1-4@s390x as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x"
},
"product_reference": "rekor-cli-stack-v1-4@s390x",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trillian-cli-stack-v1-4@amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64"
},
"product_reference": "trillian-cli-stack-v1-4@amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trillian-cli-stack-v1-4@amd64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin"
},
"product_reference": "trillian-cli-stack-v1-4@amd64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trillian-cli-stack-v1-4@amd64_windows as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows"
},
"product_reference": "trillian-cli-stack-v1-4@amd64_windows",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trillian-cli-stack-v1-4@arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64"
},
"product_reference": "trillian-cli-stack-v1-4@arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trillian-cli-stack-v1-4@arm64_darwin as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin"
},
"product_reference": "trillian-cli-stack-v1-4@arm64_darwin",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trillian-cli-stack-v1-4@ppc64le as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le"
},
"product_reference": "trillian-cli-stack-v1-4@ppc64le",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trillian-cli-stack-v1-4@s390x as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x"
},
"product_reference": "trillian-cli-stack-v1-4@s390x",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuftool-cli-stack-v1-4@amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
},
"product_reference": "tuftool-cli-stack-v1-4@amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27145",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-02T23:01:08.992540+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package of `golang`. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name (SAN) entries. The certificate verification process, specifically the `VerifyHostname` function, incurs excessive computational overhead due to repeated string operations when processing these entries. This can lead to a significant performance degradation or unresponsiveness of systems validating such certificates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the Go standard library crypto/x509 package. When verifying a TLS certificate hostname, VerifyHostname processed each DNS Subject Alternative Name (SAN) entry in a loop and repeatedly split the candidate hostname on \".\" characters. For certificates with a very large DNS SAN list, CPU use could grow quadratically with the number of SAN entries and hostname labels. Because hostname verification runs before the certificate chain is built, this overhead can occur even when the certificate is not trusted.\n\nRed Hat rates this issue as Important. It affects Red Hat products that include the Go standard library crypto/x509 code from an affected Go toolchain version (before Go 1.25.11, or from Go 1.26.0 through Go 1.26.3). Applications and container images built with a fixed Go release (1.25.11 or later, or 1.26.4 or later) are not affected. Community distributions such as Fedora are also affected.\n\nUpstream fix: Go 1.25.11 and Go 1.26.4 (GO-2026-5037).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "RHBZ#2484207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27145"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27145",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://go.dev/cl/783621",
"url": "https://go.dev/cl/783621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79694",
"url": "https://go.dev/issue/79694"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5037",
"url": "https://pkg.go.dev/vuln/GO-2026-5037"
}
],
"release_date": "2026-06-02T22:01:36.954000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "A flaw was found in the Go standard library crypto/x509 package. When verifying a TLS certificate hostname, VerifyHostname processed each DNS Subject Alternative Name (SAN) entry in a loop and repeatedly split the candidate hostname on \".\" characters. For certificates with a very large DNS SAN list, CPU use could grow quadratically with the number of SAN entries and hostname labels. Because hostname verification runs before the certificate chain is built, this overhead can occur even when the certificate is not trusted.\n\nRed Hat rates this issue as Important. It affects Red Hat products that include the Go standard library crypto/x509 code from an affected Go toolchain version (before Go 1.25.11, or from Go 1.26.0 through Go 1.26.3). Applications and container images built with a fixed Go release (1.25.11 or later, or 1.26.4 or later) are not affected. Community distributions such as Fedora are also affected.\n\nUpstream fix: Go 1.25.11 and Go 1.26.4 (GO-2026-5037).",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries"
},
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39828",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:46.775641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important security flaw in the `golang.org/x/crypto/ssh` library. When an SSH server utilizing this library is configured with specific authentication callbacks that return a `PartialSuccessError` with non-nil permissions, an attacker could bypass intended certificate restrictions, such as `force-command`. This bypass could lead to unauthorized command execution or access on affected Red Hat systems configured with multi-factor authentication and certificate-based access controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "RHBZ#2480687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://go.dev/cl/781621",
"url": "https://go.dev/cl/781621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79562",
"url": "https://go.dev/issue/79562"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5014",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
}
],
"release_date": "2026-05-22T02:31:26.883000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions"
},
{
"cve": "CVE-2026-39829",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-22T04:01:30.092249+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in golang.org/x/crypto/ssh is rated as Important. An unauthenticated remote attacker could trigger a denial of service by providing a specially crafted public key with excessively large parameters during SSH public key authentication. This could lead to prolonged CPU consumption on the server, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "RHBZ#2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://go.dev/cl/781641",
"url": "https://go.dev/cl/781641"
},
{
"category": "external",
"summary": "https://go.dev/cl/781661",
"url": "https://go.dev/cl/781661"
},
{
"category": "external",
"summary": "https://go.dev/issue/79565",
"url": "https://go.dev/issue/79565"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5018",
"url": "https://pkg.go.dev/vuln/GO-2026-5018"
}
],
"release_date": "2026-05-22T02:31:27.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters"
},
{
"cve": "CVE-2026-39830",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-05-22T04:01:38.517202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh`. A remote, unauthenticated attacker can exploit this vulnerability by sending unsolicited global request responses to an affected SSH server, leading to resource exhaustion and a denial of service. The impact is considered Important due to the potential for unauthenticated remote disruption of services utilizing the vulnerable SSH library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "RHBZ#2480684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39830",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://go.dev/cl/781640",
"url": "https://go.dev/cl/781640"
},
{
"category": "external",
"summary": "https://go.dev/cl/781664",
"url": "https://go.dev/cl/781664"
},
{
"category": "external",
"summary": "https://go.dev/issue/79564",
"url": "https://go.dev/issue/79564"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5017",
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
}
],
"release_date": "2026-05-22T02:31:27.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses"
},
{
"cve": "CVE-2026-39832",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:41.402561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the unrestricted use of the key on the remote host. This vulnerability could enable an attacker to bypass intended security controls and perform unauthorized actions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in `golang.org/x/crypto/ssh/agent` allows for a security bypass when SSH keys with destination restrictions are forwarded via an SSH agent. This flaw could lead to unintended exposure of SSH keys, enabling an attacker to use the forwarded key without the specified restrictions on remote hosts. Red Hat products utilizing `golang.org/x/crypto/ssh/agent` for key forwarding may be affected if users rely on constraint extensions for limiting key usage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "RHBZ#2480685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39832",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39832"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39832",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39832"
},
{
"category": "external",
"summary": "https://go.dev/cl/778642",
"url": "https://go.dev/cl/778642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79435",
"url": "https://go.dev/issue/79435"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5006",
"url": "https://pkg.go.dev/vuln/GO-2026-5006"
}
],
"release_date": "2026-05-22T02:31:26.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions"
},
{
"cve": "CVE-2026-39833",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2026-05-22T04:01:35.714593+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480683"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/agent. The NewKeyring() function, which creates an in-memory keyring, failed to enforce the ConfirmBeforeUse constraint on keys. This allowed keys configured to require user confirmation before use to perform signing operations without any prompt or indication to the user. Consequently, an attacker could potentially bypass intended security controls, leading to unauthorized cryptographic signing actions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this issue as Moderate with RH CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). A flaw was found in golang.org/x/crypto/ssh/agent where the in-memory keyring returned by NewKeyring() silently accepted SSH agent keys with the ConfirmBeforeUse constraint but did not enforce interactive confirmation before signing. Exploitation requires local access and low privileges on a system where an affected application uses NewKeyring() with ConfirmBeforeUse. Most Red Hat products that bundle golang.org/x/crypto do not use the ssh/agent ConfirmBeforeUse feature in their supported execution paths. The upstream CISA CVSS 9.1 assumes a broader network attack context that does not reflect Red Hat product deployment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "RHBZ#2480683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480683"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39833"
},
{
"category": "external",
"summary": "https://go.dev/cl/778640",
"url": "https://go.dev/cl/778640"
},
{
"category": "external",
"summary": "https://go.dev/cl/778641",
"url": "https://go.dev/cl/778641"
},
{
"category": "external",
"summary": "https://go.dev/issue/79436",
"url": "https://go.dev/issue/79436"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5005",
"url": "https://pkg.go.dev/vuln/GO-2026-5005"
}
],
"release_date": "2026-05-22T02:31:26.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Update affected Go applications to use golang.org/x/crypto version 0.52.0 or later, which rejects unsupported ConfirmBeforeUse keys instead of silently ignoring the constraint. As a workaround, do not add keys with ConfirmBeforeUse to the in-memory keyring from golang.org/x/crypto/ssh/agent, or use an SSH agent implementation that correctly enforces confirm-before-use.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation"
},
{
"cve": "CVE-2026-39835",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-22T04:01:27.279943+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480680"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh` affecting SSH servers that utilize `CertChecker` as a public key callback without explicitly configuring `IsUserAuthority` or `IsHostAuthority`. A remote, unauthenticated attacker can trigger a server panic by presenting a specially crafted certificate, leading to service disruption. Exploitation requires a specific, non-default configuration of the `CertChecker`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "RHBZ#2480680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480680"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835"
},
{
"category": "external",
"summary": "https://go.dev/cl/781660",
"url": "https://go.dev/cl/781660"
},
{
"category": "external",
"summary": "https://go.dev/issue/79563",
"url": "https://go.dev/issue/79563"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5015",
"url": "https://pkg.go.dev/vuln/GO-2026-5015"
}
],
"release_date": "2026-05-22T02:31:26.982000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate"
},
{
"cve": "CVE-2026-42151",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"discovery_date": "2026-05-04T19:02:26.983660+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access to the `/-/config` HTTP API endpoint to view the Azure OAuth client secret in plaintext. This vulnerability leads to information disclosure, potentially compromising the security of integrated Azure AD services.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important information disclosure flaw in Prometheus affects instances configured to use Azure AD remote write with OAuth authentication. The client secret, intended to be a secure credential, is exposed in plaintext through the `/-/config` HTTP API endpoint. This could allow an attacker with access to this endpoint to retrieve the secret, potentially compromising integrated Azure AD services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42151"
},
{
"category": "external",
"summary": "RHBZ#2466507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18587",
"url": "https://github.com/prometheus/prometheus/pull/18587"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18590",
"url": "https://github.com/prometheus/prometheus/pull/18590"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj",
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj"
}
],
"release_date": "2026-05-04T18:12:16.917000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in `golang.org/x/crypto/ssh/knownhosts` allows a remote attacker to bypass security checks. This vulnerability arises because the system fails to properly verify the revocation status of a Certificate Authority (CA) `SignatureKey`. In Red Hat environments, this could enable an attacker to present a revoked key, leading to its acceptance as valid and potentially granting unauthorized access or facilitating the spoofing of legitimate entities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T15:46:32+00:00",
"details": "The RHTAS CLI Stack images contain Red Hat Trusted Artifact Signer CLI binaries.\n\nFor details on using the CLI images, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:conforma-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:cosign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:fetch-tsa-certs-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:gitsign-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:model-transparency-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:rekor-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@amd64_windows",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@arm64_darwin",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@ppc64le",
"Red Hat Trusted Artifact Signer 1.4:trillian-cli-stack-v1-4@s390x",
"Red Hat Trusted Artifact Signer 1.4:tuftool-cli-stack-v1-4@amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
RHSA-2026:36808
Vulnerability from csaf_redhat - Published: 2026-07-08 16:06 - Updated: 2026-07-08 23:34A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "DevWorkspace Operator 0.42.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The DevWorkspace Operator extends OpenShift to provide DevWorkspace support.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36808",
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39828",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39829",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39830",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/CRW-11515",
"url": "https://redhat.atlassian.net/browse/CRW-11515"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36808.json"
}
],
"title": "Red Hat Security Advisory: DevWorkspace Operator 0.42.0 release.",
"tracking": {
"current_release_date": "2026-07-08T23:34:11+00:00",
"generator": {
"date": "2026-07-08T23:34:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36808",
"initial_release_date": "2026-07-08T16:06:37+00:00",
"revision_history": [
{
"date": "2026-07-08T16:06:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-08T16:06:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T23:34:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "DevWorkspace Operator 0.42",
"product": {
"name": "DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:devworkspace:0.42::el9"
}
}
}
],
"category": "product_family",
"name": "DevWorkspace Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-rhel9-operator\u0026tag=1782401674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-operator-bundle@sha256%3A2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-operator-bundle\u0026tag=1782405692"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3Af1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9\u0026tag=1782401412"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9\u0026tag=1782400868"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-rhel9-operator\u0026tag=1782401674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9\u0026tag=1782401412"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9\u0026tag=1782400868"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3Ab74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-rhel9-operator\u0026tag=1782401674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9\u0026tag=1782401412"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9\u0026tag=1782400868"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-rhel9-operator\u0026tag=1782401674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9\u0026tag=1782401412"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9\u0026tag=1782400868"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39828",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:46.775641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important security flaw in the `golang.org/x/crypto/ssh` library. When an SSH server utilizing this library is configured with specific authentication callbacks that return a `PartialSuccessError` with non-nil permissions, an attacker could bypass intended certificate restrictions, such as `force-command`. This bypass could lead to unauthorized command execution or access on affected Red Hat systems configured with multi-factor authentication and certificate-based access controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "RHBZ#2480687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://go.dev/cl/781621",
"url": "https://go.dev/cl/781621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79562",
"url": "https://go.dev/issue/79562"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5014",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
}
],
"release_date": "2026-05-22T02:31:26.883000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions"
},
{
"cve": "CVE-2026-39829",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-22T04:01:30.092249+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in golang.org/x/crypto/ssh is rated as Important. An unauthenticated remote attacker could trigger a denial of service by providing a specially crafted public key with excessively large parameters during SSH public key authentication. This could lead to prolonged CPU consumption on the server, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "RHBZ#2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://go.dev/cl/781641",
"url": "https://go.dev/cl/781641"
},
{
"category": "external",
"summary": "https://go.dev/cl/781661",
"url": "https://go.dev/cl/781661"
},
{
"category": "external",
"summary": "https://go.dev/issue/79565",
"url": "https://go.dev/issue/79565"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5018",
"url": "https://pkg.go.dev/vuln/GO-2026-5018"
}
],
"release_date": "2026-05-22T02:31:27.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters"
},
{
"cve": "CVE-2026-39830",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-05-22T04:01:38.517202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh`. A remote, unauthenticated attacker can exploit this vulnerability by sending unsolicited global request responses to an affected SSH server, leading to resource exhaustion and a denial of service. The impact is considered Important due to the potential for unauthenticated remote disruption of services utilizing the vulnerable SSH library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "RHBZ#2480684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39830",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://go.dev/cl/781640",
"url": "https://go.dev/cl/781640"
},
{
"category": "external",
"summary": "https://go.dev/cl/781664",
"url": "https://go.dev/cl/781664"
},
{
"category": "external",
"summary": "https://go.dev/issue/79564",
"url": "https://go.dev/issue/79564"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5017",
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
}
],
"release_date": "2026-05-22T02:31:27.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in `golang.org/x/crypto/ssh/knownhosts` allows a remote attacker to bypass security checks. This vulnerability arises because the system fails to properly verify the revocation status of a Certificate Authority (CA) `SignatureKey`. In Red Hat environments, this could enable an attacker to present a revoked key, leading to its acceptance as valid and potentially granting unauthorized access or facilitating the spoofing of legitimate entities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
SUSE-SU-2026:22065-1
Vulnerability from csaf_suse - Published: 2026-06-10 08:12 - Updated: 2026-06-10 08:12| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-toolkit fixes the following issue\n\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260277).\n\nChanges for elemental-toolkit:\n\n- Update to version 2.1.6:\n * Bump golang.org/x/net to v0.55.0 (bsc#1267168)\n * Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)\n * Update orange flavor\n * Install hugo from the OS repositories\n * Bump actions/upload-artifact to v7\n * Bump actions/cache to v5\n * Bump golangci/golangci-lint-action to v9\n * Bump github.com/spf13/cobra library\n * Bump github.com/jaypipes/ghw library\n * Bump github.com/bramvdbogaerde/go-scp library\n * Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)\n * Bump github.com/ulikunitz/xz library\n * Do not clean cache on PRs from forks\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-749",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22065-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22065-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622065-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22065-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026725.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260277",
"url": "https://bugzilla.suse.com/1260277"
},
{
"category": "self",
"summary": "SUSE Bug 1266187",
"url": "https://bugzilla.suse.com/1266187"
},
{
"category": "self",
"summary": "SUSE Bug 1267168",
"url": "https://bugzilla.suse.com/1267168"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for elemental-toolkit",
"tracking": {
"current_release_date": "2026-06-10T08:12:23Z",
"generator": {
"date": "2026-06-10T08:12:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22065-1",
"initial_release_date": "2026-06-10T08:12:23Z",
"revision_history": [
{
"date": "2026-06-10T08:12:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.1.6-1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.1.6-1.1.aarch64",
"product_id": "elemental-toolkit-2.1.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.1.6-1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.1.6-1.1.x86_64",
"product_id": "elemental-toolkit-2.1.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.1.6-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.1.6-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.1.6-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.1.6-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22074-1
Vulnerability from csaf_suse - Published: 2026-06-10 07:44 - Updated: 2026-06-10 07:44| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-toolkit fixes the following issue\n\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260277).\n\nChanges for elemental-toolkit:\n\n- Update to v2.2.9:\n * 0e33b2bc Bump golang.org/x/net to v0.55.0 (bsc#1267168)\n * 4f5423b9 Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)\n- Update to v2.2.8:\n * 3f38ae3e Avoid pulling binaries with curl\n * ef3f97a0 Bump golangci/golangci-lint-action to v9\n * 34f9ed84 Bump github.com/spf13/cobra library\n * dff54d9a Bump github.com/jaypipes/ghw library\n * 7b7ba7ac github.com/bramvdbogaerde/go-scp libary\n * ac19e71c Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)\n * 55761782 Bump github.com/ulikunitz/xz library\n * d04e480d Update headers to 2026\n * bb7974f4 Switch from TW to Leap 16.0 for green flavor\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-570",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22074-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22074-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622074-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22074-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047276.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260277",
"url": "https://bugzilla.suse.com/1260277"
},
{
"category": "self",
"summary": "SUSE Bug 1266187",
"url": "https://bugzilla.suse.com/1266187"
},
{
"category": "self",
"summary": "SUSE Bug 1267168",
"url": "https://bugzilla.suse.com/1267168"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for elemental-toolkit",
"tracking": {
"current_release_date": "2026-06-10T07:44:30Z",
"generator": {
"date": "2026-06-10T07:44:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22074-1",
"initial_release_date": "2026-06-10T07:44:30Z",
"revision_history": [
{
"date": "2026-06-10T07:44:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"product_id": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64",
"product_id": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22157-1
Vulnerability from csaf_suse - Published: 2026-06-17 16:31 - Updated: 2026-06-17 16:31| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for amazon-ssm-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for amazon-ssm-agent fixes the following issues\n\nUpdate to version 3.3.4624.0:\n\n- CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh\n (bsc#1239342).\n- CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238702).\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in\n response to a key listing or signing request (bsc#1253611).\n- CVE-2026-1229: the CombinedMult function in the ecc/p384 package produces an incorrect value for specific inputs\n (bsc#1265474).\n- CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files\n can lead to the consumption of corrupted files (bsc#1258095).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege esca (bsc#1266781).\n- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during\n smart-HTTP clone and fetch operations (bsc#1264952).\n- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite\n loops, panics or resource consumption (bsc#1267332).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266200).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266200).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266200).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266200).\n\nChanges:\n\n * Bump golang.org/x/crypto from v0.51.0 to v0.52.0\n * Bump golang.org/x/net from v0.54.0 to v0.55.0\n * Enforce directory boundary in BuildSafePath\n * Fix visibility issue with Bottlerocket OS in document output\n * Update go-git from v5.17.1 to v5.19.1 (bsc#1264952, CVE-2026-41506), this\n also updates go-billy from v5.8.0 to v5.9.0 (bsc#1267332, CVE-2026-44740)\n * Bump golang.org/x/net from v0.48.0 to v0.53.0 (bsc#1266781, CVE-2026-39821)\n * Quit if sysprep failed and log its current state\n * Remove attached legacy cloudwatch plugin packages\n * Upgrade Go version to 1.25.10\n * Use BuildSafePath wherever it is applicable\n * Add OOM killer protection to systemd service files\n * Apply more sanitation to file and registry inventory gatherers\n * Bump go-git to v5.17.1\n * Deprecate legacy cloudwatch plugin\n * Preserve network error details in credential refresher SSM API failures\n * Upgrade Go version to 1.25.9\n * Add SSM Distributor support for Bottlerocket OS\n * Implement flush credentials command in ssm-cli\n * Log ec2messages access denied as debug instead of error to reduce log noise\n * Make credential refresher refresh cache quickly in case of credential flush\n * Make Greengrass component registration resilient with retry\n * Add EnforceWorkspaceRootOwnership configuration to support disable\n hardening of agent workspace\n * Add reboot comment to Windows shutdown command for SSM Agent traceability\n * Update privilege access check to verify ownership and permissions\n of document state files\n * Add read-only version check prior to install and uninstall\n in case of occupied package manager locks\n * Add ANSI processing for CloudWatch and S3 log\n * Upgrade go-git to v5.17.0 and cloudflare/circl to v1.6.3\n to fix CVE-2026-1229\n- Switch to systemd-tmpfiles to store runtime data (jsc#PED-14843)\n * Disable Go 1.25 container-aware GOMAXPROCS to prevent holding\n cgroup file descriptors open\n * Upgrade Go version to 1.25.8\n * Document CommandWorkerBufferLimit config\n * Include package update in Dockerfile\n * Reduce CloudWatch event message length threshold\n * Upgrade Go version to 1.25.7\n * Update github.com/go-git/go-git/v5 to 5.16.5 (bsc#1258095, CVE-2026-25934)\n * Update greengrass version\n * Update Golang version to 1.24.12\n * Updating golang.org/x/crypto from v0.37.0 to v0.47.0, golang.org/x/net\n from v0.39.0 to v0.48.0 and golang.org/x/sys from v0.32.0 to v0.40.0\n (bsc#1253611, CVE-2025-47913)\n * Categorize integration tests by adding new tags to split fast and slow ones\n * Fix bug where IP field being empty string and causing UII API failure\n * Allow Patch execution to persist across reboots not registered to SSM Agent\n * Fix ENV_VAR interpolation to work correctly with parameter store value\n * Implement immediate retries for failed reply messages to MGS for RunCommand documents\n * Improve ssm-cli get-diagnostics command log output\n * Support DomainJoin endpoint for EU sovereign cloud\n * Support dualstack S3 endpoint for distributor packages\n * Upgrade Go version to 1.24.11\n * Add initial IPv6 support with UseDualStackEndpoint configuration option\n * Fix CPU utilization issue for instances with thousands of network interfaces\n * Add IMDS retry count to account for EC2 droplet refresh\n * Fix duplicate uid error logging in MDS module\n * Update aws:Domainjoin plugin logging from Log4Net to NLog\n * Upgrade Go version to 1.24.7\n * Update github.com/go-git/go-git/v5 to 5.15.0\n * Update golang.org/x/crypto to v0.37.0 (bsc#1238702, CVE-2025-22870)\n * Update golang.org/x/net to v0.39.0\n * Update golang.org/x/sys to v0.32.0\n * Add EU sovereign cloud S3 endpoint for DownloadContent plugin\n * Add configurable credential rotation max backoff interval\n * Migrate from twinj/uuid to google/uuid library\n * Allow newer agent versions to be installed when deploying on Greengrass\n * Harden function to remove non-admin run command documents in execution path\n * Fix macOS credential refresher test issue due to missing Debugf from serialport skip file\n * Enhance testability of custom certificate usage in debug SSM Agent builds\n * Decouple serial port from startup and add credential refresher serialport logging\n * Add GlobalEnhancedTelemetryEnabled config to README\n * Add cloudwatch logs endpoint configuration to optional config for agent\n * Update Greengrass component version\n * Add file privilege check before processing document state file\n * Storing AWS document interpolation ENV_VAR types as environment variables\n * Throw explicit error when running local cli as non-priviledged user\n * Harden telemetry dynamic config folder permissions\n * Add configuration option for HandshakeTimeout\n * Improve unit tests\n * Add setup for emitting telemetry logs and metrics\n * Add initial selection of error logs to emit to telemetry\n * Simplify checkstyle and import organization in build scripts\n * Update golang.org/x/net from v0.37.0 to v0.38.0\n * Agent hibernation reason is logged to EC2 system logs\n * Add metrics for the EC2Detector and IMDS EC2 status findings\n * Change Linux DomainJoin plugin parameter KeepHostName to accept\n both boolean and string\n * Upgrade GoLang to version 1.23.8\n * Update golang.org/x/crypto from v0.32.0 to v0.36.0 (bsc#1239342, CVE-2025-22869)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-943",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22157-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22157-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622157-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22157-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026930.html"
},
{
"category": "self",
"summary": "SUSE Bug 1238702",
"url": "https://bugzilla.suse.com/1238702"
},
{
"category": "self",
"summary": "SUSE Bug 1239342",
"url": "https://bugzilla.suse.com/1239342"
},
{
"category": "self",
"summary": "SUSE Bug 1253611",
"url": "https://bugzilla.suse.com/1253611"
},
{
"category": "self",
"summary": "SUSE Bug 1258095",
"url": "https://bugzilla.suse.com/1258095"
},
{
"category": "self",
"summary": "SUSE Bug 1264952",
"url": "https://bugzilla.suse.com/1264952"
},
{
"category": "self",
"summary": "SUSE Bug 1265474",
"url": "https://bugzilla.suse.com/1265474"
},
{
"category": "self",
"summary": "SUSE Bug 1266200",
"url": "https://bugzilla.suse.com/1266200"
},
{
"category": "self",
"summary": "SUSE Bug 1266781",
"url": "https://bugzilla.suse.com/1266781"
},
{
"category": "self",
"summary": "SUSE Bug 1267332",
"url": "https://bugzilla.suse.com/1267332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for amazon-ssm-agent",
"tracking": {
"current_release_date": "2026-06-17T16:31:19Z",
"generator": {
"date": "2026-06-17T16:31:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22157-1",
"initial_release_date": "2026-06-17T16:31:19Z",
"revision_history": [
{
"date": "2026-06-17T16:31:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"product": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"product_id": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"product": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"product_id": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-25934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25934"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25934",
"url": "https://www.suse.com/security/cve/CVE-2026-25934"
},
{
"category": "external",
"summary": "SUSE Bug 1258093 for CVE-2026-25934",
"url": "https://bugzilla.suse.com/1258093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "moderate"
}
],
"title": "CVE-2026-25934"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "SUSE Bug 1267264 for CVE-2026-44740",
"url": "https://bugzilla.suse.com/1267264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-44740"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22159-1
Vulnerability from csaf_suse - Published: 2026-06-18 14:30 - Updated: 2026-06-18 14:30| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for distribution",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for distribution fixes the following issues\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265788).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266629).\n- CVE-2026-41888: tag deletion bypasses the storage.delete.enabled configuration (bsc#1265429).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266049).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266049).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266049).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266049).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266049).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266049).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266049).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266049).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266049).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266049).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266049).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266049).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266049).\n\nChanges:\n\n * Bounds-check the file basename in PurgeUploads Walk callback\n * Add S3 Express One Zone support to the S3 storage driver\n * Fix tag list endpoint in proxy mode\n * Clamp oversized `n` query parameter in proxy mode instead of\n returning 400\n * See the full changelog below for the full list of changes.\n * internal/client/auth/challenge: cleanups and minor refactor\n * build(deps): bump\n go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\n from 0.18.0 to 0.19.0 in the go_modules group across 1\n directory\n * build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otl\n ptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules\n group across 1 directory\n * build(deps): bump github/codeql-action from 4.34.1 to 4.35.1\n * chore(build): Bump go version to latest\n * refactor: use slices.Backward to simplify the code\n * fix(proxy): fix tag list endpoint in proxy mode\n * Update docker-compose structure in deploying.md\n * build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1\n * build(deps): bump actions/upload-pages-artifact from 4.0.0 to\n 5.0.0\n * build(deps): bump docker/login-action from 4.0.0 to 4.1.0\n * build(deps): bump docker/bake-action from 7.0.0 to 7.1.0\n * fix(proxy): clamp oversized n query param instead of\n * feat(s3): add express zone one support to S3 driver\n * fix(storage): bounds-check the file basename in PurgeUploads\n Walk callback\n * chore(release): prepare for v3.1.1 release\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-949",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22159-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22159-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622159-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22159-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026928.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265429",
"url": "https://bugzilla.suse.com/1265429"
},
{
"category": "self",
"summary": "SUSE Bug 1265788",
"url": "https://bugzilla.suse.com/1265788"
},
{
"category": "self",
"summary": "SUSE Bug 1266049",
"url": "https://bugzilla.suse.com/1266049"
},
{
"category": "self",
"summary": "SUSE Bug 1266629",
"url": "https://bugzilla.suse.com/1266629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41888 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for distribution",
"tracking": {
"current_release_date": "2026-06-18T14:30:18Z",
"generator": {
"date": "2026-06-18T14:30:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22159-1",
"initial_release_date": "2026-06-18T14:30:18Z",
"revision_history": [
{
"date": "2026-06-18T14:30:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "distribution-registry-3.1.1-160000.1.1.aarch64",
"product": {
"name": "distribution-registry-3.1.1-160000.1.1.aarch64",
"product_id": "distribution-registry-3.1.1-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "distribution-registry-3.1.1-160000.1.1.ppc64le",
"product": {
"name": "distribution-registry-3.1.1-160000.1.1.ppc64le",
"product_id": "distribution-registry-3.1.1-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "distribution-registry-3.1.1-160000.1.1.s390x",
"product": {
"name": "distribution-registry-3.1.1-160000.1.1.s390x",
"product_id": "distribution-registry-3.1.1-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "distribution-registry-3.1.1-160000.1.1.x86_64",
"product": {
"name": "distribution-registry-3.1.1-160000.1.1.x86_64",
"product_id": "distribution-registry-3.1.1-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64"
},
"product_reference": "distribution-registry-3.1.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le"
},
"product_reference": "distribution-registry-3.1.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x"
},
"product_reference": "distribution-registry-3.1.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
},
"product_reference": "distribution-registry-3.1.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64"
},
"product_reference": "distribution-registry-3.1.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le"
},
"product_reference": "distribution-registry-3.1.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x"
},
"product_reference": "distribution-registry-3.1.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
},
"product_reference": "distribution-registry-3.1.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41888"
}
],
"notes": [
{
"category": "general",
"text": "Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2/\u003cname\u003e/manifests/\u003ctag\u003e endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. This vulnerability is fixed in 3.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41888",
"url": "https://www.suse.com/security/cve/CVE-2026-41888"
},
{
"category": "external",
"summary": "SUSE Bug 1265422 for CVE-2026-41888",
"url": "https://bugzilla.suse.com/1265422"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "moderate"
}
],
"title": "CVE-2026-41888"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:distribution-registry-3.1.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:distribution-registry-3.1.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T14:30:18Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22193-1
Vulnerability from csaf_suse - Published: 2026-06-20 06:52 - Updated: 2026-06-20 06:52| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mcphost",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mcphost fixes the following issues\n\n- CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues\n when parsing HTML files (bsc#1267109).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265730).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266572).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266145).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266145).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266145).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266145).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266145).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266145).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266145).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-985",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22193-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22193-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622193-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22193-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047515.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265730",
"url": "https://bugzilla.suse.com/1265730"
},
{
"category": "self",
"summary": "SUSE Bug 1266145",
"url": "https://bugzilla.suse.com/1266145"
},
{
"category": "self",
"summary": "SUSE Bug 1266572",
"url": "https://bugzilla.suse.com/1266572"
},
{
"category": "self",
"summary": "SUSE Bug 1267109",
"url": "https://bugzilla.suse.com/1267109"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for mcphost",
"tracking": {
"current_release_date": "2026-06-20T06:52:25Z",
"generator": {
"date": "2026-06-20T06:52:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22193-1",
"initial_release_date": "2026-06-20T06:52:25Z",
"revision_history": [
{
"date": "2026-06-20T06:52:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mcphost-0.34.0-160000.2.1.aarch64",
"product": {
"name": "mcphost-0.34.0-160000.2.1.aarch64",
"product_id": "mcphost-0.34.0-160000.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mcphost-0.34.0-160000.2.1.ppc64le",
"product": {
"name": "mcphost-0.34.0-160000.2.1.ppc64le",
"product_id": "mcphost-0.34.0-160000.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mcphost-0.34.0-160000.2.1.s390x",
"product": {
"name": "mcphost-0.34.0-160000.2.1.s390x",
"product_id": "mcphost-0.34.0-160000.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mcphost-0.34.0-160000.2.1.x86_64",
"product": {
"name": "mcphost-0.34.0-160000.2.1.x86_64",
"product_id": "mcphost-0.34.0-160000.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64"
},
"product_reference": "mcphost-0.34.0-160000.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le"
},
"product_reference": "mcphost-0.34.0-160000.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x"
},
"product_reference": "mcphost-0.34.0-160000.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64"
},
"product_reference": "mcphost-0.34.0-160000.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64"
},
"product_reference": "mcphost-0.34.0-160000.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le"
},
"product_reference": "mcphost-0.34.0-160000.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x"
},
"product_reference": "mcphost-0.34.0-160000.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
},
"product_reference": "mcphost-0.34.0-160000.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:mcphost-0.34.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22226-1
Vulnerability from csaf_suse - Published: 2026-06-20 06:52 - Updated: 2026-06-20 06:52| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mcphost",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mcphost fixes the following issues\n\n- CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues\n when parsing HTML files (bsc#1267109).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265730).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266572).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266145).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266145).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266145).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266145).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266145).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266145).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266145).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266145).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-985",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22226-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22226-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622226-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22226-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047482.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265730",
"url": "https://bugzilla.suse.com/1265730"
},
{
"category": "self",
"summary": "SUSE Bug 1266145",
"url": "https://bugzilla.suse.com/1266145"
},
{
"category": "self",
"summary": "SUSE Bug 1266572",
"url": "https://bugzilla.suse.com/1266572"
},
{
"category": "self",
"summary": "SUSE Bug 1267109",
"url": "https://bugzilla.suse.com/1267109"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for mcphost",
"tracking": {
"current_release_date": "2026-06-20T06:52:25Z",
"generator": {
"date": "2026-06-20T06:52:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22226-1",
"initial_release_date": "2026-06-20T06:52:25Z",
"revision_history": [
{
"date": "2026-06-20T06:52:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mcphost-0.34.0-160000.2.1.aarch64",
"product": {
"name": "mcphost-0.34.0-160000.2.1.aarch64",
"product_id": "mcphost-0.34.0-160000.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mcphost-0.34.0-160000.2.1.ppc64le",
"product": {
"name": "mcphost-0.34.0-160000.2.1.ppc64le",
"product_id": "mcphost-0.34.0-160000.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mcphost-0.34.0-160000.2.1.s390x",
"product": {
"name": "mcphost-0.34.0-160000.2.1.s390x",
"product_id": "mcphost-0.34.0-160000.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mcphost-0.34.0-160000.2.1.x86_64",
"product": {
"name": "mcphost-0.34.0-160000.2.1.x86_64",
"product_id": "mcphost-0.34.0-160000.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64"
},
"product_reference": "mcphost-0.34.0-160000.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le"
},
"product_reference": "mcphost-0.34.0-160000.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x"
},
"product_reference": "mcphost-0.34.0-160000.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcphost-0.34.0-160000.2.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
},
"product_reference": "mcphost-0.34.0-160000.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.aarch64",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.ppc64le",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.s390x",
"SUSE Linux Micro 6.2:mcphost-0.34.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-20T06:52:25Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22242-1
Vulnerability from csaf_suse - Published: 2026-06-22 09:09 - Updated: 2026-06-22 09:09| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-osconfig-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-osconfig-agent fixes the following issues\n\n- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533).\n- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents\n (bsc#1251453).\n- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251704).\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260264).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265762).\n- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of\n service (bsc#1262926).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266603).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent \n (bsc#1266171).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266171).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).\n- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during\n smart-HTTP clone and fetch operations (bsc#1264923).\n\nChanges for google-osconfig-agent:\n\n- Update to version 20260615.01\n * Upgrade golang.org/x/crypto \u0026 golang.org/x/net (#1006)\n- from version 20260615.00\n * Add unit tests for ospatch_apt_upgrade.go (#938)\n- Update to version 20260611.00\n * Add unit tests for policies/policies.go PART 5 (#998)\n- from version 20260610.00\n * Add unit tests for policies/policies.go PART 4 (#997)\n- from version 20260609.02\n * squash commits (#936)\n- from version 20260609.01\n * Add unit tests for policies/policies.go PART 3 (#996)\n- from version 20260609.00\n * Add unit tests for policies/policies.go PART 2 (#991)\n- from version 20260602.01\n * Align format of dates and timestamp collected across Windows packages (#973)\n- from version 20260602.00\n * Add unit tests for config/config,go (#979)\n- from version 20260528.00\n * Bump github.com/containerd/containerd (#990)\n- from version 20260521.00\n * Cover agentconfig functionality by unit tests (#925)\n- from version 20260520.04\n * Add unit tests for policies/googet.go (#961)\n * Bump github.com/go-git/go-git/v5 (#987)\n- from version 20260520.02\n * Add unit tests for policies/yum.go (#952)\n * Add unit tests for policies/apt.go PART 3 (#951)\n- from version 20260520.00\n * Add unit tests for policies/zypper.go (#953)\n- from version 20260519.00\n * Add unit tests for policies/policies.go PART 1 (#949)\n- from version 20260513.01\n * Bump github.com/go-git/go-git/v5 (#981), this also updates\n golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)\n- from version 20260513.00\n * upgrade a few packages (#980)\n- from version 20260512.02\n * Add/improve unit tests for agentendpoint/exec_task.go (#933)\n- from version 20260512.01\n * Cover google_update.go by unit tests (#941)\n- from version 20260512.00\n * Change zone for arm64 builds because of stockout (#978)\n- Update to version 20260511.00\n * switch to t2a-standard-2 on ARM package build (#977)\n- from version 20260505.03\n * Cover zypper_patch by unit tests (#958)\n- from version 20260505.02\n * Remove unused functions DisableAutoUpdates (#970)\n- from version 20260505.01\n * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)\n- from version 20260505.00\n * Upgrade a few dependencies across the repo (#968)\n + github.com/go-git/go-git/v5 5.16.2-\u003e5.18.0 (bsc#1264923, CVE-2026-41506)\n + github.com/go-jose/go-jose/v4 4.1.3-\u003e4.1.4 (bsc#1262926, CVE-2026-34986)\n + github.com/go-viper/mapstructure/v2 2.3.0-\u003e2.4.0\n + go.opentelemetry.io/otel 1.40.0-\u003e1.41.0\n + go.opentelemetry.io/otel/sdk 1.39.0-\u003e1.43.0\n- from version 20260504.01\n * bump github.com/docker/cli to 29.2.0 (#962)\n- from version 20260504.00\n * Bump github.com/opencontainers/selinux (#960)\n- Update to version 20260428.00\n * Add/improve unit tests for agentendpoint/agentendpoint.go (#930)\n- from version 20260427.03\n * Cover config/file.go by unit tests (#935)\n- from version 20260422.01\n * Cover patch_linux.go by unit tests (#932)\n- from version 20260422.00\n * upgrade grpc package in main package and e2e tests (#959)\n (bsc#1260264, CVE-2026-33186)\n- from version 20260417.04\n * Bump OSV-Scalibr version to v0.4.3 (#956)\n- from version 20260417.03\n * Add unit tests for updates_linux.go (#937)\n- from version 20260417.02\n * Add zone to CreateDisk step (#955)\n- from version 20260417.01\n * Change disk type for deb11 (#954)\n- from version 20260417.00\n * Add unit tests for policies/apt.go PART 1 (#950)\n- from version 20260410.02\n * Add unit tests for packages/pty_linux.go (#943)\n- from version 20260410.01\n * fix disk type for arm workflows (#948)\n- from version 20260410.00\n * Change machine type for arm based workflows (#946)\n- Update to version 20260330.00\n * bump timeouts for all workflows (#940)\n- from version 20260326.00\n * Cover exec_resource.go by unit tests (#934)\n- from version 20260318.00\n * Integrate OSConfig agent with ReportVmInventory (#923)\n- from version 20260313.02\n * remove cacheonly flag from yum upgrade (#924)\n- from version 20260313.01\n * conditions python version override (#927)\n- from version 20260313.00\n * Fix presubmits by explicitly set python version for rpm based systems (#926)\n- from version 20260311.00\n * Bump osconfig version (#922)\n- from version 20260309.02\n * Extend OSV scalibr extractor (#921)\n- from version 20260309.01\n * upgrade golang.org/x/crypto and it\u0027s transitive deps (#918)\n- from version 20260309.00\n * Add purl to pkg info (#920)\n- from version 20260306.00\n * Add \u0027Type\u0027 field to PkgInfo (#919)\n- from version 20260303.01\n * Upgrade go.opentelemetry.io/otel/sdk (#913)\n- from version 20260303.00\n * Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)\n- from version 20260302.00\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)\n- from version 20260126.00\n * Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)\n * Bump github.com/sirupsen/logrus (#894)\n- Update to version 20260119.00\n * Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)\n- Update to version 20251230.00\n * chore: Migrate gsutil usage to gcloud storage (#904)\n- from version 20251223.00\n * fix e2e tests for report inventory (#903)\n- from version 20251222.01\n * Revert \"Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\" (#902)\n- from version 20251222.00\n * Bump golang to the new version (#900)\n- from version 20251218.00\n * add new CODEOWNERS (#901)\n- from version 20251217.00\n * Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\n- Bump the golang compiler version to 1.24.5\n- Update to version 20251202.00\n * Revert \"Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\" (#893)\n- Update to version 20251201.00\n * Revert \"Bump github.com/containerd/containerd (#890)\" (#892)\n- Update to version 20251126.00\n * Bump github.com/containerd/containerd (#890)\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\n- Update to version 20251028.00\n * Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)\n * Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)\n- from version 20251023.02\n * Create multiple_os.yaml (#883)\n- from version 20251023.00\n * Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)\n * Add test runner for e2e tests (#876)\n- Update to version 20250925.00\n * Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)\n * Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)\n * Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)\n * Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)\n- Update to version 20250902.01\n * Bump github.com/googleapis/enterprise-certificate-proxy (#829)\n- from version 20250902.00\n * update github.com/go-jose/go-jose/v4 (#869)\n * Upgrade scalibr and other deps (#866)\n- from version 20250901.00\n * Fix possibility of path traversal for zip and tar archival (#868)\n- from version 20250825.00\n * set CODEOWNERS file as required by org (#863)\n- from version 20250819.00\n * Fix/rhel10 build centos image (#860)\n- from version 20250814.00\n * Fix/rhel10 build image (#859)\n- from version 20250813.00\n * Fix: Add RHEL 10 support to RPM startup script (#858)\n- from version 20250811.00\n * Remove old/sles-15-sp4-sap as image is deprecated (#857)\n- Update to version 20250806.00\n * Fixed JSON identifier for the universe domain (#855)\n- from version 20250729.00\n * Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)\n- from version 20250725.02\n * Update utils.go (#854)\n * Upgrade golang.org/x/oauth2 package to the latest. (#853)\n * Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)\n- from version 20250725.01\n * Bump golang.org/x/oauth2 (#848)\n * Port fix for debian 11 to goo package manager. (#852)\n- from version 20250725.00\n * Update Golang version in common.sh and skip backports\n repo for debian 11 (#850)\n- from version 20250723.01\n * Add workflows to build package for el10 (#849)\n- from version 20250721.00\n * Make OS Config agent TPC aware (#846)\n- from version 20250718.00\n * Create workflows for new Debian 13. (#847)\n- Update to version 20250703.00\n * Fix sles images (#844)\n- from version 20250702.00\n * Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)\n- from version 20250701.00\n * Bump the go_modules group across 1 directory with 2 updates (#840)\n- Update to version 20250606.00\n * Change base docker images Google\u0027s official base images. (#838)\n- Update to version 20250523.01\n * Add a simple no-op OS policy for user testing (#837)\n- from version 20250523.00\n * Introduce scalibr inventory extractor for dpkg/rpm/cos\n os/filesystem extractors (linux) (#834)\n * Trace GetInstalledPackages memory levels (#835)\n- from version 20250520.00\n- Update to version 20250513.00\n * Fix rpm extractor, handle (none) value correctly. (#833)\n- from version 20250512.01\n * Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)\n- from version 20250512.00\n * Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)\n- from version 20250508.01\n * cosmetic refactoring to osinfo package (#826)\n- from version 20250508.00\n * Refactor /inventory with dependency injection (#825)\n * Add debian, ubuntu (InstalledDebPackages) snapshots (#821)\n * cover packages_linux.go file with tests (#824)\n * Add debian (10,11,12) GetPackageUpdates output snapshots (#822)\n- from version 20250507.00\n * Add InstalledRPMPackages snapshot tests (#823)\n- from version 20250506.02\n * Yum tests: simplify initialization of exit errors (#820)\n- from version 20250506.01\n * Improve test coverage for gem package manager (#818)\n- from version 20250506.00\n * after go/x/crypto update 0.32.0 -\u003e 0.37.0 (#817)\n- from version 20250505.01\n * Improve packages package coverage (#814)\n * Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)\n- from version 20250505.00\n * Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)\n- from version 20250430.00\n * Snapshot YumUpdates (GetPackageUpdates) output (#813)\n- from version 20250428.00\n * Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output\n for sles 12, 15 testdata (#812)\n- from version 20250423.00\n * Introduce MatchSnapshot large test results matcher function, snapshot\n apt-deb GetPackageUpdates (#811)\n- from version 20250416.02\n * defaultSleeper: tolerate 10% difference to reduce test flakiness (#810)\n * Add output of some packagemanagers to the testdata (#808)\n- from version 20250416.01\n * Refactor OS Info package (#809)\n- from version 20250416.00\n * Report RPM inventory as YUM instead of empty SoftwarePackage\n when neither Zypper nor YUM are installed. (#805)\n- from version 20250414.00\n * Update hash computation algorithm (#799)\n- Update to version 20250320.00\n * Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 (#797)\n- from version 20250318.00\n * Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 (#793)\n- from version 20250317.02\n * Bump cel.dev/expr from 0.18.0 to 0.22.0 (#792)\n * Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group (#785)\n- from version 20250317.01\n * Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 (#774)\n- from version 20250317.00\n * Add tests for retryutil package. (#795)\n- from version 20250306.00\n * Update OWNERS (#794)\n- from version 20250206.01\n * Use separate counters for pre- and post-patch reboots. (#788)\n- from version 20250206.00\n * Update owners (#789)\n- from version 20250203.00\n * Fix the vet errors for contants in logging (#786)\n- from version 20250122.00\n * change available package check (#783)\n- from version 20250121.00\n * Fix Inventory reporting e2e tests. (#782)\n- from version 20250120.00\n * fix e2e tests (#781)\n- Add -buildmode=pie to go build command line (bsc#1239948)\n- from version 20240501.00 (bsc#1236533, CVE-2023-45288)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-764",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22242-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22242-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622242-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22242-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047622.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210938",
"url": "https://bugzilla.suse.com/1210938"
},
{
"category": "self",
"summary": "SUSE Bug 1236533",
"url": "https://bugzilla.suse.com/1236533"
},
{
"category": "self",
"summary": "SUSE Bug 1239948",
"url": "https://bugzilla.suse.com/1239948"
},
{
"category": "self",
"summary": "SUSE Bug 1244304",
"url": "https://bugzilla.suse.com/1244304"
},
{
"category": "self",
"summary": "SUSE Bug 1244503",
"url": "https://bugzilla.suse.com/1244503"
},
{
"category": "self",
"summary": "SUSE Bug 1251453",
"url": "https://bugzilla.suse.com/1251453"
},
{
"category": "self",
"summary": "SUSE Bug 1251704",
"url": "https://bugzilla.suse.com/1251704"
},
{
"category": "self",
"summary": "SUSE Bug 1260264",
"url": "https://bugzilla.suse.com/1260264"
},
{
"category": "self",
"summary": "SUSE Bug 1262926",
"url": "https://bugzilla.suse.com/1262926"
},
{
"category": "self",
"summary": "SUSE Bug 1264923",
"url": "https://bugzilla.suse.com/1264923"
},
{
"category": "self",
"summary": "SUSE Bug 1265762",
"url": "https://bugzilla.suse.com/1265762"
},
{
"category": "self",
"summary": "SUSE Bug 1266171",
"url": "https://bugzilla.suse.com/1266171"
},
{
"category": "self",
"summary": "SUSE Bug 1266603",
"url": "https://bugzilla.suse.com/1266603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for google-osconfig-agent",
"tracking": {
"current_release_date": "2026-06-22T09:09:04Z",
"generator": {
"date": "2026-06-22T09:09:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22242-1",
"initial_release_date": "2026-06-22T09:09:04Z",
"revision_history": [
{
"date": "2026-06-22T09:09:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-1.1.aarch64",
"product": {
"name": "google-osconfig-agent-20260615.01-1.1.aarch64",
"product_id": "google-osconfig-agent-20260615.01-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-1.1.s390x",
"product": {
"name": "google-osconfig-agent-20260615.01-1.1.s390x",
"product_id": "google-osconfig-agent-20260615.01-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-1.1.x86_64",
"product": {
"name": "google-osconfig-agent-20260615.01-1.1.x86_64",
"product_id": "google-osconfig-agent-20260615.01-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64"
},
"product_reference": "google-osconfig-agent-20260615.01-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x"
},
"product_reference": "google-osconfig-agent-20260615.01-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
},
"product_reference": "google-osconfig-agent-20260615.01-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22249-1
Vulnerability from csaf_suse - Published: 2026-06-22 09:04 - Updated: 2026-06-22 09:04| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-osconfig-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-osconfig-agent fixes the following issues\n\n- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers.\n- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents\n (bsc#1251453).\n- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251704).\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260264).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265762).\n- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of\n service (bsc#1262926).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266603).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266171).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266171).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).\n - CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during\n smart-HTTP clone and fetch operations (bsc#1264923).\n\nChanges for google-osconfig-agent:\n\n- Update to version 20260615.01\n * Upgrade golang.org/x/crypto \u0026 golang.org/x/net (#1006)\n- from version 20260615.00\n * Add unit tests for ospatch_apt_upgrade.go (#938)\n- Update to version 20260611.00\n * Add unit tests for policies/policies.go PART 5 (#998)\n- from version 20260610.00\n * Add unit tests for policies/policies.go PART 4 (#997)\n- from version 20260609.02\n * squash commits (#936)\n- from version 20260609.01\n * Add unit tests for policies/policies.go PART 3 (#996)\n- from version 20260609.00\n * Add unit tests for policies/policies.go PART 2 (#991)\n- from version 20260602.01\n * Align format of dates and timestamp collected across Windows packages (#973)\n- from version 20260602.00\n * Add unit tests for config/config,go (#979)\n- from version 20260528.00\n * Bump github.com/containerd/containerd (#990)\n- from version 20260521.00\n * Cover agentconfig functionality by unit tests (#925)\n- from version 20260520.04\n * Add unit tests for policies/googet.go (#961)\n * Bump github.com/go-git/go-git/v5 (#987)\n- from version 20260520.02\n * Add unit tests for policies/yum.go (#952)\n * Add unit tests for policies/apt.go PART 3 (#951)\n- from version 20260520.00\n * Add unit tests for policies/zypper.go (#953)\n- from version 20260519.00\n * Add unit tests for policies/policies.go PART 1 (#949)\n- from version 20260513.01\n * Bump github.com/go-git/go-git/v5 (#981), this also updates\n golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)\n- from version 20260513.00\n * upgrade a few packages (#980)\n- from version 20260512.02\n * Add/improve unit tests for agentendpoint/exec_task.go (#933)\n- from version 20260512.01\n * Cover google_update.go by unit tests (#941)\n- from version 20260512.00\n * Change zone for arm64 builds because of stockout (#978)\n- Update to version 20260511.00\n * switch to t2a-standard-2 on ARM package build (#977)\n- from version 20260505.03\n * Cover zypper_patch by unit tests (#958)\n- from version 20260505.02\n * Remove unused functions DisableAutoUpdates (#970)\n- from version 20260505.01\n * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)\n- from version 20260505.00\n * Upgrade a few dependencies across the repo (#968)\n + github.com/go-git/go-git/v5 5.16.2-\u003e5.18.0 (bsc#1264923, CVE-2026-41506)\n + github.com/go-jose/go-jose/v4 4.1.3-\u003e4.1.4 (bsc#1262926, CVE-2026-34986)\n + github.com/go-viper/mapstructure/v2 2.3.0-\u003e2.4.0\n + go.opentelemetry.io/otel 1.40.0-\u003e1.41.0\n + go.opentelemetry.io/otel/sdk 1.39.0-\u003e1.43.0\n- from version 20260504.01\n * bump github.com/docker/cli to 29.2.0 (#962)\n- from version 20260504.00\n * Bump github.com/opencontainers/selinux (#960)\n- Update to version 20260428.00\n * Add/improve unit tests for agentendpoint/agentendpoint.go (#930)\n- from version 20260427.03\n * Cover config/file.go by unit tests (#935)\n- from version 20260422.01\n * Cover patch_linux.go by unit tests (#932)\n- from version 20260422.00\n * upgrade grpc package in main package and e2e tests (#959)\n (bsc#1260264, CVE-2026-33186)\n- from version 20260417.04\n * Bump OSV-Scalibr version to v0.4.3 (#956)\n- from version 20260417.03\n * Add unit tests for updates_linux.go (#937)\n- from version 20260417.02\n * Add zone to CreateDisk step (#955)\n- from version 20260417.01\n * Change disk type for deb11 (#954)\n- from version 20260417.00\n * Add unit tests for policies/apt.go PART 1 (#950)\n- from version 20260410.02\n * Add unit tests for packages/pty_linux.go (#943)\n- from version 20260410.01\n * fix disk type for arm workflows (#948)\n- from version 20260410.00\n * Change machine type for arm based workflows (#946)\n- Update to version 20260330.00\n * bump timeouts for all workflows (#940)\n- from version 20260326.00\n * Cover exec_resource.go by unit tests (#934)\n- from version 20260318.00\n * Integrate OSConfig agent with ReportVmInventory (#923)\n- from version 20260313.02\n * remove cacheonly flag from yum upgrade (#924)\n- from version 20260313.01\n * conditions python version override (#927)\n- from version 20260313.00\n * Fix presubmits by explicitly set python version for rpm based systems (#926)\n- from version 20260311.00\n * Bump osconfig version (#922)\n- from version 20260309.02\n * Extend OSV scalibr extractor (#921)\n- from version 20260309.01\n * upgrade golang.org/x/crypto and it\u0027s transitive deps (#918)\n- from version 20260309.00\n * Add purl to pkg info (#920)\n- from version 20260306.00\n * Add \u0027Type\u0027 field to PkgInfo (#919)\n- from version 20260303.01\n * Upgrade go.opentelemetry.io/otel/sdk (#913)\n- from version 20260303.00\n * Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)\n- from version 20260302.00\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)\n- from version 20260126.00\n * Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)\n * Bump github.com/sirupsen/logrus (#894)\n- Update to version 20260119.00\n * Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)\n- Update to version 20251230.00\n * chore: Migrate gsutil usage to gcloud storage (#904)\n- from version 20251223.00\n * fix e2e tests for report inventory (#903)\n- from version 20251222.01\n * Revert \"Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\" (#902)\n- from version 20251222.00\n * Bump golang to the new version (#900)\n- from version 20251218.00\n * add new CODEOWNERS (#901)\n- from version 20251217.00\n * Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\n- Bump the golang compiler version to 1.24.5\n- Update to version 20251202.00\n * Revert \"Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\" (#893)\n- Update to version 20251201.00\n * Revert \"Bump github.com/containerd/containerd (#890)\" (#892)\n- Update to version 20251126.00\n * Bump github.com/containerd/containerd (#890)\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\n- Update to version 20251028.00\n * Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)\n * Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)\n- from version 20251023.02\n * Create multiple_os.yaml (#883)\n- from version 20251023.00\n * Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)\n * Add test runner for e2e tests (#876)\n- Update to version 20250925.00\n * Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)\n * Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)\n * Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)\n * Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)\n- Update to version 20250902.01\n * Bump github.com/googleapis/enterprise-certificate-proxy (#829)\n- from version 20250902.00\n * update github.com/go-jose/go-jose/v4 (#869)\n * Upgrade scalibr and other deps (#866)\n- from version 20250901.00\n * Fix possibility of path traversal for zip and tar archival (#868)\n- from version 20250825.00\n * set CODEOWNERS file as required by org (#863)\n- from version 20250819.00\n * Fix/rhel10 build centos image (#860)\n- from version 20250814.00\n * Fix/rhel10 build image (#859)\n- from version 20250813.00\n * Fix: Add RHEL 10 support to RPM startup script (#858)\n- from version 20250811.00\n * Remove old/sles-15-sp4-sap as image is deprecated (#857)\n- Update to version 20250806.00\n * Fixed JSON identifier for the universe domain (#855)\n- from version 20250729.00\n * Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)\n- from version 20250725.02\n * Update utils.go (#854)\n * Upgrade golang.org/x/oauth2 package to the latest. (#853)\n * Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)\n- from version 20250725.01\n * Bump golang.org/x/oauth2 (#848)\n * Port fix for debian 11 to goo package manager. (#852)\n- from version 20250725.00\n * Update Golang version in common.sh and skip backports\n repo for debian 11 (#850)\n- from version 20250723.01\n * Add workflows to build package for el10 (#849)\n- from version 20250721.00\n * Make OS Config agent TPC aware (#846)\n- from version 20250718.00\n * Create workflows for new Debian 13. (#847)\n- Update to version 20250703.00\n * Fix sles images (#844)\n- from version 20250702.00\n * Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)\n- from version 20250701.00\n * Bump the go_modules group across 1 directory with 2 updates (#840)\n- Update to version 20250606.00\n * Change base docker images Google\u0027s official base images. (#838)\n- Update to version 20250523.01\n * Add a simple no-op OS policy for user testing (#837)\n- from version 20250523.00\n * Introduce scalibr inventory extractor for dpkg/rpm/cos\n os/filesystem extractors (linux) (#834)\n * Trace GetInstalledPackages memory levels (#835)\n- from version 20250520.00\n- Update to version 20250513.00\n * Fix rpm extractor, handle (none) value correctly. (#833)\n- from version 20250512.01\n * Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)\n- from version 20250512.00\n * Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)\n- from version 20250508.01\n * cosmetic refactoring to osinfo package (#826)\n- from version 20250508.00\n * Refactor /inventory with dependency injection (#825)\n * Add debian, ubuntu (InstalledDebPackages) snapshots (#821)\n * cover packages_linux.go file with tests (#824)\n * Add debian (10,11,12) GetPackageUpdates output snapshots (#822)\n- from version 20250507.00\n * Add InstalledRPMPackages snapshot tests (#823)\n- from version 20250506.02\n * Yum tests: simplify initialization of exit errors (#820)\n- from version 20250506.01\n * Improve test coverage for gem package manager (#818)\n- from version 20250506.00\n * after go/x/crypto update 0.32.0 -\u003e 0.37.0 (#817)\n- from version 20250505.01\n * Improve packages package coverage (#814)\n * Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)\n- from version 20250505.00\n * Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)\n- from version 20250430.00\n * Snapshot YumUpdates (GetPackageUpdates) output (#813)\n- from version 20250428.00\n * Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output\n for sles 12, 15 testdata (#812)\n- from version 20250423.00\n * Introduce MatchSnapshot large test results matcher function, snapshot\n apt-deb GetPackageUpdates (#811)\n- from version 20250416.02\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-587",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22249-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22249-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622249-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22249-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047615.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210938",
"url": "https://bugzilla.suse.com/1210938"
},
{
"category": "self",
"summary": "SUSE Bug 1251453",
"url": "https://bugzilla.suse.com/1251453"
},
{
"category": "self",
"summary": "SUSE Bug 1251704",
"url": "https://bugzilla.suse.com/1251704"
},
{
"category": "self",
"summary": "SUSE Bug 1260264",
"url": "https://bugzilla.suse.com/1260264"
},
{
"category": "self",
"summary": "SUSE Bug 1262926",
"url": "https://bugzilla.suse.com/1262926"
},
{
"category": "self",
"summary": "SUSE Bug 1264923",
"url": "https://bugzilla.suse.com/1264923"
},
{
"category": "self",
"summary": "SUSE Bug 1265762",
"url": "https://bugzilla.suse.com/1265762"
},
{
"category": "self",
"summary": "SUSE Bug 1266171",
"url": "https://bugzilla.suse.com/1266171"
},
{
"category": "self",
"summary": "SUSE Bug 1266603",
"url": "https://bugzilla.suse.com/1266603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for google-osconfig-agent",
"tracking": {
"current_release_date": "2026-06-22T09:04:46Z",
"generator": {
"date": "2026-06-22T09:04:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22249-1",
"initial_release_date": "2026-06-22T09:04:46Z",
"revision_history": [
{
"date": "2026-06-22T09:04:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"product": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"product_id": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"product": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"product_id": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"product": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"product_id": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64",
"product": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64",
"product_id": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64"
},
"product_reference": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le"
},
"product_reference": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x"
},
"product_reference": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
},
"product_reference": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.