14 matches found
Important: Red Hat Security Advisory: rhc security update
An update for rhc is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
golang-github-openprinting-ipp-usb security update
An update is available for golang-github-openprinting-ipp-usb. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list HTTP reverse proxy, backed by IPP-over-USB...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-131 (ALASDOCKER-2026-131)
The version of soci-snapshotter installed on the remote host is prior to 0.14.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-131 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-2568...
OPENSUSE-SU-2026:20976-1 Security update for go1.26
This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...
SUSE-SU-2026:22155-1 Security update for go1.25
This update for go1.25 fixes the following issues Update to go1.25.11 bsc1244485: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...
SUSE-SU-2026:22154-1 Security update for go1.26
This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...
Security update for go1.26
This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. CVE-2026-42507: net/textproto: arbitrary input are includ...
SUSE-SU-2026:2327-1 Security update for go1.26
This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...
CLEANSTART-2026-BP69037 Security fixes for CVE-2026-27145, CVE-2026-39824, CVE-2026-42504, CVE-2026-42507 applied in versions: 1.0.10-r4, 1.0.10-r5
Multiple security vulnerabilities affect the wait-for-port package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-servicefabric, nri-postgresql-fips, aws-flb-firehose-fips, osv-scanner, docker-credential-acr-env, secrets-store-csi-driver, nsc-fips, porch, amazon-k8s-cni, dragonfly-operator-fips, atlas, dcgm-exporter, logstash, paranoia, consul-k8s,...
CVE-2026-27145
creationtimestamp| type| source ---|---|--- 2026-06-03 09:00:04+00:00| seen| Telegram/5i-pTes7Ja8Uhuw9wP6auiAd2fWyZYO3DYvaqIbmREm4 2026-06-03 12:00:59+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnf2r6hlix2f 2026-06-09 12:00:55+00:00| seen|...
CVE-2026-27145
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
UBUNTU-CVE-2026-27145
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...