[CLSA-2026:1784155512] podman: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-15 22:45:38 UTC
Description:
- CVE-2026-39835: return an error instead of panicking when the vendored golang.org/x/crypto/ssh CertChecker IsHostAuthority or IsUserAuthority callbacks are nil, preventing a nil-pointer dereference DoS
Updated packages:
  • podman-5.4.0-13.el9_6.tuxcare.els11.x86_64.rpm
    sha:054209e9aa9baad443ca39bb1438cceb8325a22ee94792559d2ccb7cca54df88
  • podman-docker-5.4.0-13.el9_6.tuxcare.els11.noarch.rpm
    sha:527e1824d053b1a79ec7c0a0e505283fedd94522e7f482f74dfedfd3512c9a33
  • podman-plugins-5.4.0-13.el9_6.tuxcare.els11.x86_64.rpm
    sha:552e40f2da3bcaf22067579fc761e615a61b6700192ad2b6365c2c4b9e0c837d
  • podman-remote-5.4.0-13.el9_6.tuxcare.els11.x86_64.rpm
    sha:24f7e4c7d16c65cf9b0c55e38fd66424956bce66a728f7c018eeb1fc1a999105
  • podman-tests-5.4.0-13.el9_6.tuxcare.els11.x86_64.rpm
    sha:97702ca913dbda750866b728a5d2ecd9d7f01550d95d45b0ce93e1141ad30f05
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.