4 matches found
SUSE-SU-2026:22424-1 Security update for containerd
This update for containerd fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265794. - CVE-2026-34986: github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of...
OPENSUSE-SU-2026:21084-1 Security update for distribution
This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
...
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...