[CLSA-2026:1784132479] buildah: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-15 16:21:32 UTC
Description:
- CVE-2026-39835: return an error instead of panicking when the SSH CertChecker IsHostAuthority/IsUserAuthority callbacks are unset, in the vendored golang.org/x/crypto/ssh
Updated packages:
  • buildah-1.39.6-1.el9_6.tuxcare.els11.x86_64.rpm
    sha:68a4abb954168b28a41a3d2685ddaa4b0108462c5a2928bdd4d5eb054a2727b8
  • buildah-tests-1.39.6-1.el9_6.tuxcare.els11.x86_64.rpm
    sha:3954d3388d3be0b331619c6c5ca7f4ab9f683b046d551e1a1f21c8a1be586303
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.