52 matches found
Security update for google-osconfig-agent (important)
openSUSE security update: security update for google-osconfig-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21210-1 Rating: important References: bsc1210938 bsc1251453 bsc1251704 bsc1260264 bsc1262926 bsc1264923 bsc1265762 bsc1266171...
SUSE-SU-2026:2493-1 Security update for containerized-data-importer
This update for containerized-data-importer fixes the following issues: - Security: re-vendor Go dependencies to address CVEs tracked against containerized-data-importer backport of upstream PR 4110, post-v1.65.0. Fixed by this update: google.golang.org/grpc 1.65.0 - 1.79.3: bsc1260295...
Security update for yq (important)
openSUSE security update: security update for yq ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20892-1 Rating: important References: bsc1241719 bsc1251339 bsc1251540 bsc1266248 bsc1267053 bsc1267199 Cross-References: CVE-2024-45338 CVE-2025-22872...
CLEANSTART-2026-TD06078 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-32280, CVE-2026-32281, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.4.0-r0, 2.4.0-r3, 2.5.0-r0, 2.5.0-r1
Multiple security vulnerabilities affect the spark-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-YQ26872 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-1229, CVE-2026-24051, CVE-2026-34986, CVE-2026-39984, ghsa-78h2-9frx-2jm8, ghsa-pmwq-pjrm-6p5r, ghsa-xm5m-wgh2-rrg3 applied in versions: 0.13.1-r0, 0.15.1-r0
Multiple security vulnerabilities affect the policy-controller-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
USN-8089-3 adsys, juju-core, lxd vulnerabilities
USN-8089-1 fixed vulnerabilities in Go Networking. This update provides the corresponding update to code vendored in LXD, ADSys, and Juju Core. Original advisory details: Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go...
CLEANSTART-2026-HX97842 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-54410, CVE-2025-58181, CVE-2025-58190, CVE-2025-61727, CVE-2025-61729, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 2.2.2-r6, 2.3.2-r4, 2.4.4-r2, 2.5.0-r0, 2.5.0-r1
Multiple security vulnerabilities affect the openbao-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-58190 affecting package dasel for versions less than 2.8.1-3
CVE-2025-58190 affecting package dasel for versions less than 2.8.1-3. A patched version of the package is available...
CVE-2025-58190 affecting package influxdb for versions less than 2.7.5-13
CVE-2025-58190 affecting package influxdb for versions less than 2.7.5-13. A patched version of the package is available...
CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.7.0-5
CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.7.0-5. A patched version of the package is available...
CVE-2025-58190 affecting package kubernetes for versions less than 1.28.4-25
CVE-2025-58190 affecting package kubernetes for versions less than 1.28.4-25. A patched version of the package is available...
CVE-2025-58190 affecting package cert-manager for versions less than 1.11.2-27
CVE-2025-58190 affecting package cert-manager for versions less than 1.11.2-27. A patched version of the package is available...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-097 (ALASECS-2026-097)
The version of ecs-init installed on the remote host is prior to 1.101.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-097 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, whi...
Security update for apptainer
This update for apptainer fixes the following issues: CVE-2025-58190: Fixed a HTML parser misimplementation of a part of the HTML specification for table related tags. bsc1258048. CVE-2025-47911: Fixed an issue where the HTML parser takes a very long time or even never returns. bsc1258047. Patch...
Amazon Linux 2023 : ecs-init (ALAS2023-2026-1443)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1443 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially...
CVE-2025-58190 vulnerabilities
Vulnerabilities for packages: aws-load-balancer-controller, k3s, k8s-device-plugin, wuzz, runc, gitness, cilium-envoy, fuse-overlayfs-snapshotter...
CVE-2025-58190
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76851 CVE-2025-58190 affecting package cri-tools for versions less than 1.29.0-9
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77021 CVE-2025-58190 affecting package kubevirt 1.6.3-3
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76790 CVE-2025-58190 affecting package azl-otel-collector 0.127.0-1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...