Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

ROOT-APP-GOBINARY-CVE-2026-33186 CVE-2026-33186 in rootio-google.golang.org/grpc - Patched by Root

Root has patched CVE-2026-33186 in the rootio-google.golang.org/grpc package for Root:Go. Multiple fixed versions available...

openSUSE 16 Security Update : elemental-toolkit (openSUSE-SU-2026:20921-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20921-1 advisory. This update for elemental-toolkit fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of...

SUSE-SU-2026:2347-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264...

Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issue CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

SUSE-SU-2026:22065-1 Security update for elemental-toolkit

This update for elemental-toolkit fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-toolkit: - Update to version 2.1.6: Bump golang.org/x/net to v0.55.0 bsc126716...

SUSE-SU-2026:22075-1 Security update for elemental-operator

This update for elemental-operator fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-operator: - Changes on top of v1.7.5: 41f54076 Fix reference in labels 3bdb93...

SUSE-SU-2026:22074-1 Security update for elemental-toolkit

This update for elemental-toolkit fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-toolkit: - Update to v2.2.9: 0e33b2bc Bump golang.org/x/net to v0.55.0...

Security update for elemental-system-agent (important)

openSUSE security update: security update for elemental-system-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20924-1 Rating: important References: bsc1260277 Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1...

Security update for elemental-toolkit (important)

openSUSE security update: security update for elemental-toolkit ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20921-1 Rating: important References: bsc1251679 bsc1260277 bsc1266187 bsc1267168 Cross-References: CVE-2026-33186 CVSS scores:...

OPENSUSE-SU-2026:20924-1 Security update for elemental-system-agent

This update for elemental-system-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260277. Changes: - Update to version 0.3.16: setup for immutable releases 274 align system-agent image...

RLSA-2026:22450 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...

RockyLinux 9 : image-builder (RLSA-2026:23228)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:23228 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...

Important: Red Hat Security Advisory: image-builder security update

An update for image-builder is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.24 security and extras update

Red Hat OpenShift Container Platform release 4.20.24 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.18 security and extras update

Red Hat OpenShift Container Platform release 4.21.18 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...

SUSE SLES12 Security Update : google-guest-agent (SUSE-SU-2026:2101-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2101-1 advisory. This update for google-guest-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper...

openSUSE 16 Security Update : google-osconfig-agent (openSUSE-SU-2026:20815-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20815-1 advisory. This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too...

RHCOS 4 : Red Hat build of MicroShift 4.16.63 (RHSA-2026:20436)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20436 advisory. - google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation...

SUSE-SU-2026:2101-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264...