[CLSA-2026:1784133121] buildah: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-15 16:32:15 UTC
Description:
- CVE-2026-39835: return an error instead of panicking when the SSH CertChecker IsHostAuthority/IsUserAuthority callbacks are unset, in the vendored golang.org/x/crypto/ssh
Updated packages:
  • buildah-1.39.6-1.el9_2.tuxcare.els11.x86_64.rpm
    sha:addb7942387bd539d0d9264b9ec8570fd5a6d56ac93804d0a82626a48a9c2623
  • buildah-tests-1.39.6-1.el9_2.tuxcare.els11.x86_64.rpm
    sha:c639b728d6b6b5c19e2330b55e60f484ad76467e9b49c43377c2e4dca33957b2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.