Security update for go1.26

This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. CVE-2026-42507: net/textproto: arbitrary input are includ...

SUSE-SU-2026:2327-1 Security update for go1.26

This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...

CVE-2026-27145 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, datadog-agent, influxd, crossplane-provider-azure-managedidentity, kube-bench, opa, ingress-nginx-controller, crossplane-provider-aws-guardduty, postgres-operator-fips, docker-machine-driver-harvester,...

CVE-2026-27145

creationtimestamp| type| source ---|---|--- 2026-06-03 09:00:04+00:00| seen| Telegram/5i-pTes7Ja8Uhuw9wP6auiAd2fWyZYO3DYvaqIbmREm4 2026-06-03 12:00:59+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnf2r6hlix2f 2026-06-09 12:00:55+00:00| seen|...

CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

UBUNTU-CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...