[CLSA-2026:1782810335] buildah: Fix of CVE-2026-39829
Type:
security
Severity:
Important
Release date:
2026-06-30 09:05:51 UTC
Description:
- CVE-2026-39829: fix DoS in vendored golang.org/x/crypto/ssh public-key parsing (cap RSA moduli at 8192 bits, validate DSA parameters per FIPS 186-2); affects both el9_2 and el9_6 - CVE-2026-32281: rebuild el9_6 against golang >= 1.25.7-1.el9_6.tuxcare.els7 to fix DoS in crypto/x509 policy validation (Go >= 1.24 only; el9_2 builds with Go 1.22.9 and is not affected)
CVEs fixed:
Updated packages:
  • buildah-1.39.6-1.el9_2.tuxcare.els9.x86_64.rpm
    sha:f6442b4bd30bdf88616a068eb9db9d30abffdeed9a0999ecddc09944818223f3
  • buildah-tests-1.39.6-1.el9_2.tuxcare.els9.x86_64.rpm
    sha:df4292a94c48cfa93c3097f33678ec34e9db5b5e86a2c530b91b6482aa48ecfa
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.