Release date:
2026-06-30 09:36:27 UTC
Description:
- CVE-2026-39829: fix DoS in vendored golang.org/x/crypto/ssh public-key
parsing (cap RSA moduli at 8192 bits, validate DSA parameters per
FIPS 186-2); affects both el9_2 and el9_6
- CVE-2026-32281: rebuild el9_6 against golang >= 1.25.7-1.el9_6.tuxcare.els7
to fix DoS in crypto/x509 policy validation (Go >= 1.24 only; el9_2 builds
with Go 1.22.9 and is not affected)
Updated packages:
-
buildah-1.39.6-1.el9_6.tuxcare.els9.x86_64.rpm
sha:e5b9683a59648ea536e58665355a7405c83a1d1d06969221d55e5f1a54e04dd0
-
buildah-tests-1.39.6-1.el9_6.tuxcare.els9.x86_64.rpm
sha:a14086c0e18402eb55423080460e486833a64f90d4323d0bf47ff0b656306375
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.