SUSE-SU-2026:22053-1 Security update for elemental-system-agent

This update for elemental-system-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260277. Changes: - Update to version 0.3.16: setup for immutable releases 274 align system-agent image...

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: Security issues fixed: CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup bsc1258893 Bumped...

SUSE-SU-2026:1524-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: - Security issues fixed: CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup bsc1258893 +...

Design/Logic Flaw

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...