Release date:
2026-06-30 09:05:51 UTC
Description:
- CVE-2026-39829: fix DoS in vendored golang.org/x/crypto/ssh public-key
parsing (cap RSA moduli at 8192 bits, validate DSA parameters per
FIPS 186-2); affects both el9_2 and el9_6
- CVE-2026-32281: rebuild el9_6 against golang >= 1.25.7-1.el9_6.tuxcare.els7
to fix DoS in crypto/x509 policy validation (Go >= 1.24 only; el9_2 builds
with Go 1.22.9 and is not affected)
Updated packages:
-
buildah-1.39.6-1.el9_2.tuxcare.els9.x86_64.rpm
sha:f6442b4bd30bdf88616a068eb9db9d30abffdeed9a0999ecddc09944818223f3
-
buildah-tests-1.39.6-1.el9_2.tuxcare.els9.x86_64.rpm
sha:df4292a94c48cfa93c3097f33678ec34e9db5b5e86a2c530b91b6482aa48ecfa
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.