Security update for kubo (moderate)

openSUSE Security Update: Security update for kubo Announcement ID: openSUSE-SU-2026:0135-1 Rating: moderate References: 1241776 1251419 1251613 1253857 1261818 Cross-References: CVE-2025-22872 CVE-2025-47911 CVE-2025-58181 CVE-2025-58190 CVE-2026-35480 CVSS scores: CVE-2025-22872 SUSE: 6.3...

kubo-0.40.1-1.1 on GA media (moderate)

kubo-0.40.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10543-1 Rating: moderate Cross-References: CVE-2025-58181 CVE-2025-58190 CVE-2026-35480 CVSS scores: CVE-2025-58181 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-58181 SUSE : 6.9...

OPENSUSE-SU-2026:10543-1 kubo-0.40.1-1.1 on GA media

These are all security issues fixed in the kubo-0.40.1-1.1 package on the GA media of openSUSE Tumbleweed...

CLEANSTART-2026-NZ97711 gRPC-Go is the Go language implementation of gRPC

Security vulnerability affects the kubo package. gRPC-Go is the Go language implementation of gRPC...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: telegraf, ollama, wolfictl, pulumi-language-dotnet, flux-operator, terraform-provider-aws, opentelemetry-collector, datadog-agent, flux-kustomize-controller, k3s, chezmoi, cilium-cli, crossplane-provider-aws-sns, crossplane-provider-aws-elasticache, zot, goreleaser,...

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: telegraf, ollama, wolfictl, pulumi-language-dotnet, flux-operator, terraform-provider-aws, opentelemetry-collector, datadog-agent, flux-kustomize-controller, k3s, chezmoi, cilium-cli, crossplane-provider-aws-sns, crossplane-provider-aws-elasticache, zot, goreleaser,...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: tempo-fips, crossplane-provider-aws-wafv2, trivy, polaris-fips, datadog-agent, contour, caddy, livekit-cli, gitlab-runner, crossplane-provider-aws-cloudwatchlogs-fips, crossplane-provider-aws-route53-fips, opa, crossplane-provider-aws-elasticache, opa-fips-envoy,...

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: tempo-fips, crossplane-provider-aws-wafv2, trivy, polaris-fips, datadog-agent, contour, caddy, livekit-cli, gitlab-runner, crossplane-provider-aws-cloudwatchlogs-fips, crossplane-provider-aws-route53-fips, opa, crossplane-provider-aws-elasticache, opa-fips-envoy,...

CVE-2025-61728 vulnerabilities

Vulnerabilities for packages: reports-server, cert-manager-cmctl, kube-logging-logging-operator, loki, scorecard, runc, ingress-nginx-controller, ferretdb, aactl, elastic-agent, google-osconfig-agent, kube-state-metrics, external-dns, flux-fips, redis-operator-fips, k8sgateway,...

CVE-2025-59530 vulnerabilities

Vulnerabilities for packages: k8sgateway, kubo, ipfs-cluster, traefik, kargo, q, kyverno-policy-reporter-ui, k3s, frp, kubernetes-dns-node-cache, spegel, caddy, teleport, dkron...

GHSA-47M2-4CR7-MHCW vulnerabilities

Vulnerabilities for packages: k8sgateway, kubo, ipfs-cluster, traefik, kargo, q, kyverno-policy-reporter-ui, k3s, frp, kubernetes-dns-node-cache, spegel, caddy, teleport, dkron...

GHSA-47M2-4CR7-MHCW vulnerabilities

Vulnerabilities for packages: spegel, ipfs-cluster-fips, caddy, k3s, caddy-fips, dkron, ipfs-cluster, syncthing, eks-distro, spegel-fips, kubernetes-dns-node-cache, k8sgateway, traefik, coredns-fips, eks-distro-fips, k8sgateway-fips, q, kargo, dkron-fips, kyverno-policy-reporter-ui-fips, kubo,...

CVE-2025-59530 vulnerabilities

Vulnerabilities for packages: spegel, ipfs-cluster-fips, caddy, k3s, caddy-fips, dkron, ipfs-cluster, syncthing, eks-distro, spegel-fips, kubernetes-dns-node-cache, k8sgateway, traefik, coredns-fips, eks-distro-fips, k8sgateway-fips, q, kargo, dkron-fips, kyverno-policy-reporter-ui-fips, kubo,...

Security update for kubo (moderate)

openSUSE Security Update: Security update for kubo Announcement ID: openSUSE-SU-2025:0347-1 Rating: moderate References: 1241776 Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: openSUSE...

Security update for kubo (moderate)

openSUSE Security Update: Security update for kubo Announcement ID: openSUSE-SU-2025:0288-1 Rating: moderate References: 1241776 Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: openSUSE...

OPENSUSE-SU-2025:15147-1 kubo-0.35.0-1.1 on GA media

These are all security issues fixed in the kubo-0.35.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:14626-1 kubo-0.32.1-1.1 on GA media

These are all security issues fixed in the kubo-0.32.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:13845-1 kubo-0.27.0-2.1 on GA media

These are all security issues fixed in the kubo-0.27.0-2.1 package on the GA media of openSUSE Tumbleweed...

GHSA-QVQG-6RP8-4P9H github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...

github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...