4 matches found
Important: Red Hat Security Advisory: rhc security update
An update for rhc is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
OPENSUSE-SU-2026:20976-1 Security update for go1.26
This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-servicefabric, nri-postgresql-fips, aws-flb-firehose-fips, osv-scanner, docker-credential-acr-env, secrets-store-csi-driver, nsc-fips, porch, amazon-k8s-cni, dragonfly-operator-fips, atlas, dcgm-exporter, logstash, paranoia, consul-k8s,...
UBUNTU-CVE-2026-27145
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...