305 matches found
Security update for google-guest-agent (important)
openSUSE security update: security update for google-guest-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21069-1 Rating: important References: bsc1243254 bsc1243505 bsc1260264 bsc1266171 bsc1266603 Cross-References: CVE-2026-33186...
EUVD-2026-39595
A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...
CVE-2026-13318
A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...
SUSE SLES15 Security Update : google-guest-agent (SUSE-SU-2026:2612-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2612-1 advisory. This update for google-guest-agent fixes the following issues Security issues: - CVE-2026-39821: Update golang.org/x/net/idna...
SUSE SLES12 Security Update : google-guest-agent (SUSE-SU-2026:2581-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2581-1 advisory. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency...
CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...
CVE-2026-13318
KubeVirt exposes an SSRF in virt-api port-forward: when handling a port-forward to a VirtualMachineInstance, virt-api reads vmi.Status.Interfaces[0].IP and dials it without validation. For VMIs using non-masquerade networks (bridge or secondary-only), this IP is supplied by the in-guest QEMU agen...
CVE-2026-13318
A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...
SUSE-SU-2026:2612-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues Security issues: - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. -...
SUSE-SU-2026:2581-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39829: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39830: Update...
USN-8447-3: Google Guest Agent vulnerabilities
USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...
USN-8447-3 google-guest-agent vulnerabilities
USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...
SUSE SLES16 Security Update : google-guest-agent (SUSE-SU-2026:22128-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22128-1 advisory. Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific...
Astra Linux – Vulnerability in libvirt
qemu/qemudriver.c in libvirt before version 6.0.0 improperly handles the handling of a monitor job during a query to a guest agent. This allows attackers to cause a denial of service API blockage...
OPENSUSE-SU-2026:20969-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific location. 608 Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump...
SUSE-SU-2026:22128-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific location. 608 Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump...
OPENSUSE-SU-2026:11031-1 google-guest-agent-20260529.00-2.1 on GA media
These are all security issues fixed in the google-guest-agent-20260529.00-2.1 package on the GA media of openSUSE Tumbleweed...
SUSE SLES15 Security Update : qemu (SUSE-SU-2026:2388-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2388-1 advisory. Security fixes: - CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when...
Security update for qemu
This update for qemu fixes the following issues: Security fixes: CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files bsc1258509. CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after...
SUSE-SU-2026:22133-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Update to version 20260430.00: Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 604 bsc1260264, CVE-2026-33186 Backport oslogin changes for sles16 to...