5 matches found
CLSA-2026-1772624338 grafana-pcp: Fix of CVE-2025-68121
Rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry...
CLSA-2026-1772456031 runc: Fix of 3 CVEs
Rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...
CLSA-2025-1765824979 go-rpm-macros: Fix of CVE-2025-47906
Rebuild with golang = 1.22.9-1.el92.tuxcare.els2 to address CVE-2025-47906...
PT-2023-21168 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0; Envoy versions prior to 1.25.3; Envoy versions prior to 1.24.4; Envoy versions prior to 1.23.6; Envoy versions prior to 1.22.9. Description: The Lua filter in Envoy is vulnerable to denial of service. Attackers can...
UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. https://example.com//wp-admin/options-general.php?page=updraftplus&updraftinterval"confirm1...