CVE-2025-68121 (GCVE-0-2025-68121)
Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29
CWE-295 - Improper Certificate Validation
| Vendor | Product | Version |
|---|---|---|
| Go standard library | crypto/tls | Affected: 0, < 1.24.13 (semver); Affected: 1.25.0-0, < 1.25.7 (semver); Affected: 1.26.0-rc.1, < 1.26.0-rc.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-68121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T03:55:46.305385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T13:29:25.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/tls",
"product": "crypto/tls",
"programRoutines": [
{
"name": "Conn.handshakeContext"
},
{
"name": "Conn.Handshake"
},
{
"name": "Conn.HandshakeContext"
},
{
"name": "Conn.Read"
},
{
"name": "Conn.Write"
},
{
"name": "Dial"
},
{
"name": "DialWithDialer"
},
{
"name": "Dialer.Dial"
},
{
"name": "Dialer.DialContext"
},
{
"name": "QUICConn.Start"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.13",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.7",
"status": "affected",
"version": "1.25.0-0",
"versionType": "semver"
},
{
"lessThan": "1.26.0-rc.3",
"status": "affected",
"version": "1.26.0-rc.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Coia Prant (github.com/rbqvq)"
},
{
"lang": "en",
"value": "Go Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295: Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T17:48:44.141Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"url": "https://go.dev/cl/737700"
},
{
"url": "https://go.dev/issue/77217"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"title": "Unexpected session resumption in crypto/tls"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-68121",
"datePublished": "2026-02-05T17:48:44.141Z",
"dateReserved": "2025-12-15T16:48:04.451Z",
"dateUpdated": "2026-04-29T13:29:25.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-68121",
"date": "2026-06-27",
"epss": "0.00765",
"percentile": "0.50834"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68121\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-02-05T18:16:10.857\",\"lastModified\":\"2026-04-29T14:16:16.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"},{\"lang\":\"es\",\"value\":\"Durante la reanudaci\u00f3n de la sesi\u00f3n en crypto/tls, si la Config subyacente tiene sus campos ClientCAs o RootCAs mutados entre el handshake inicial y el handshake reanudado, el handshake reanudado puede tener \u00e9xito cuando deber\u00eda haber fallado. Esto puede ocurrir cuando un usuario llama a Config.Clone y muta la Config devuelta, o usa Config.GetConfigForClient. 
Esto puede hacer que un cliente reanude una sesi\u00f3n con un servidor con el que no la habr\u00eda reanudado durante el handshake inicial, o hacer que un servidor reanude una sesi\u00f3n con un cliente con el que no la habr\u00eda reanudado durante el handshake inicial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.13\",\"matchCriteriaId\":\"9FEE539A-EDC2-4044-A38C-5A0FDF567509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.7\",\"matchCriteriaId\":\"B275853C-E253-485B-B469-31D1A7383965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc1:*:*:*:*
:*:*\",\"matchCriteriaId\":\"E529A0EC-B944-4E2F-B26A-2A9F31AFF240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"553D6D90-140E-4A54-86A3-00E66AC30F3C\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/737700\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/77217\",\"source\":\"security@golang.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4337\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-29T03:55:46.305385Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-06T15:32:38.457Z\"}}], \"cna\": {\"title\": \"Unexpected session resumption in crypto/tls\", \"credits\": [{\"lang\": \"en\", \"value\": \"Coia Prant (github.com/rbqvq)\"}, {\"lang\": \"en\", \"value\": \"Go Security Team\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0-0\", \"lessThan\": \"1.25.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-rc.1\", \"lessThan\": \"1.26.0-rc.3\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/tls\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Conn.handshakeContext\"}, {\"name\": \"Conn.Handshake\"}, {\"name\": \"Conn.HandshakeContext\"}, {\"name\": 
\"Conn.Read\"}, {\"name\": \"Conn.Write\"}, {\"name\": \"Dial\"}, {\"name\": \"DialWithDialer\"}, {\"name\": \"Dialer.Dial\"}, {\"name\": \"Dialer.DialContext\"}, {\"name\": \"QUICConn.Start\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\"}, {\"url\": \"https://go.dev/cl/737700\"}, {\"url\": \"https://go.dev/issue/77217\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4337\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-02-05T17:48:44.141Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-68121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-29T13:29:25.582Z\", \"dateReserved\": \"2025-12-15T16:48:04.451Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-02-05T17:48:44.141Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:20220-1
Vulnerability from csaf_opensuse - Published: 2026-02-13 11:53 - Updated: 2026-02-13 11:53
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.24",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.24 fixes the following issues:\n\nUpdate to version 1.24.13.\n\nSecurity issues fixed:\n\n- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does\n not account for the expiration of full certificate chain (bsc#1256818).\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820).\n\nOther updates and bugfixes:\n\n- version update to 1.24.13:\n\n * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs\n * go#77424 crypto/tls: CL 737700 broke session resumption on macOS\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-270",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20220-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1236217",
"url": "https://bugzilla.suse.com/1236217"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1257692",
"url": "https://bugzilla.suse.com/1257692"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.24",
"tracking": {
"current_release_date": "2026-02-13T11:53:30Z",
"generator": {
"date": "2026-02-13T11:53:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20220-1",
"initial_release_date": "2026-02-13T11:53:30Z",
"revision_history": [
{
"date": "2026-02-13T11:53:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-doc-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-doc-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-libstd-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-libstd-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-race-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-race-1.24.13-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-doc-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-doc-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-race-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-race-1.24.13-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-doc-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-doc-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-race-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-race-1.24.13-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-doc-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-doc-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-libstd-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-libstd-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-race-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-race-1.24.13-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-doc-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-doc-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-doc-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-doc-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-libstd-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-libstd-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-race-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-race-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-race-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-race-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61732"
}
],
"notes": [
{
"category": "general",
"text": "A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61732",
"url": "https://www.suse.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "SUSE Bug 1257692 for CVE-2025-61732",
"url": "https://bugzilla.suse.com/1257692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T11:53:30Z",
"details": "critical"
}
],
"title": "CVE-2025-61732"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T11:53:30Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T11:53:30Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20301-1
Vulnerability from csaf_opensuse - Published: 2026-03-03 09:04 - Updated: 2026-03-03 09:04

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — | Vendor Fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.25-openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.25-openssl fixes the following issues:\n\n- Update to version 1.25.7 (jsc#SLE-18320)\n- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821)\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820)\n- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819)\n- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817)\n- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816)\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818)\n- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431)\n- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn\u0027t preclude wildcard SA (bsc#1254430)\n- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255)\n- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253)\n- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260)\n- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258)\n- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259)\n- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256)\n- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261)\n- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257)\n- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254)\n- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-339",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20301-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1244485",
"url": "https://bugzilla.suse.com/1244485"
},
{
"category": "self",
"summary": "SUSE Bug 1245878",
"url": "https://bugzilla.suse.com/1245878"
},
{
"category": "self",
"summary": "SUSE Bug 1249985",
"url": "https://bugzilla.suse.com/1249985"
},
{
"category": "self",
"summary": "SUSE Bug 1251253",
"url": "https://bugzilla.suse.com/1251253"
},
{
"category": "self",
"summary": "SUSE Bug 1251254",
"url": "https://bugzilla.suse.com/1251254"
},
{
"category": "self",
"summary": "SUSE Bug 1251255",
"url": "https://bugzilla.suse.com/1251255"
},
{
"category": "self",
"summary": "SUSE Bug 1251256",
"url": "https://bugzilla.suse.com/1251256"
},
{
"category": "self",
"summary": "SUSE Bug 1251257",
"url": "https://bugzilla.suse.com/1251257"
},
{
"category": "self",
"summary": "SUSE Bug 1251258",
"url": "https://bugzilla.suse.com/1251258"
},
{
"category": "self",
"summary": "SUSE Bug 1251259",
"url": "https://bugzilla.suse.com/1251259"
},
{
"category": "self",
"summary": "SUSE Bug 1251260",
"url": "https://bugzilla.suse.com/1251260"
},
{
"category": "self",
"summary": "SUSE Bug 1251261",
"url": "https://bugzilla.suse.com/1251261"
},
{
"category": "self",
"summary": "SUSE Bug 1251262",
"url": "https://bugzilla.suse.com/1251262"
},
{
"category": "self",
"summary": "SUSE Bug 1254227",
"url": "https://bugzilla.suse.com/1254227"
},
{
"category": "self",
"summary": "SUSE Bug 1254430",
"url": "https://bugzilla.suse.com/1254430"
},
{
"category": "self",
"summary": "SUSE Bug 1254431",
"url": "https://bugzilla.suse.com/1254431"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE Bug 1257486",
"url": "https://bugzilla.suse.com/1257486"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.25-openssl",
"tracking": {
"current_release_date": "2026-03-03T09:04:46Z",
"generator": {
"date": "2026-03-03T09:04:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20301-1",
"initial_release_date": "2026-03-03T09:04:46Z",
"revision_history": [
{
"date": "2026-03-03T09:04:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47912"
}
],
"notes": [
{
"category": "general",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47912",
"url": "https://www.suse.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "SUSE Bug 1251257 for CVE-2025-47912",
"url": "https://bugzilla.suse.com/1251257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-47912"
},
{
"cve": "CVE-2025-58183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58183"
}
],
"notes": [
{
"category": "general",
"text": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58183",
"url": "https://www.suse.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "SUSE Bug 1251261 for CVE-2025-58183",
"url": "https://bugzilla.suse.com/1251261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58183"
},
{
"cve": "CVE-2025-58185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58185"
}
],
"notes": [
{
"category": "general",
"text": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58185",
"url": "https://www.suse.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "SUSE Bug 1251258 for CVE-2025-58185",
"url": "https://bugzilla.suse.com/1251258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58185"
},
{
"cve": "CVE-2025-58186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58186"
}
],
"notes": [
{
"category": "general",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58186",
"url": "https://www.suse.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "SUSE Bug 1251259 for CVE-2025-58186",
"url": "https://bugzilla.suse.com/1251259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58186"
},
{
"cve": "CVE-2025-58187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58187"
}
],
"notes": [
{
"category": "general",
"text": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58187",
"url": "https://www.suse.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "SUSE Bug 1251254 for CVE-2025-58187",
"url": "https://bugzilla.suse.com/1251254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58187"
},
{
"cve": "CVE-2025-58188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58188"
}
],
"notes": [
{
"category": "general",
"text": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58188",
"url": "https://www.suse.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "SUSE Bug 1251260 for CVE-2025-58188",
"url": "https://bugzilla.suse.com/1251260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-58188"
},
{
"cve": "CVE-2025-58189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58189"
}
],
"notes": [
{
"category": "general",
"text": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58189",
"url": "https://www.suse.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "SUSE Bug 1251255 for CVE-2025-58189",
"url": "https://bugzilla.suse.com/1251255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58189"
},
{
"cve": "CVE-2025-61723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61723"
}
],
"notes": [
{
"category": "general",
"text": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61723",
"url": "https://www.suse.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "SUSE Bug 1251256 for CVE-2025-61723",
"url": "https://bugzilla.suse.com/1251256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61723"
},
{
"cve": "CVE-2025-61724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61724"
}
],
"notes": [
{
"category": "general",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61724",
"url": "https://www.suse.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "SUSE Bug 1251262 for CVE-2025-61724",
"url": "https://bugzilla.suse.com/1251262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61724"
},
{
"cve": "CVE-2025-61725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61725"
}
],
"notes": [
{
"category": "general",
"text": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61725",
"url": "https://www.suse.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "SUSE Bug 1251253 for CVE-2025-61725",
"url": "https://bugzilla.suse.com/1251253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61725"
},
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61727"
}
],
"notes": [
{
"category": "general",
"text": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61727",
"url": "https://www.suse.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "SUSE Bug 1254430 for CVE-2025-61727",
"url": "https://bugzilla.suse.com/1254430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61727"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61729"
}
],
"notes": [
{
"category": "general",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61729",
"url": "https://www.suse.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "SUSE Bug 1254431 for CVE-2025-61729",
"url": "https://bugzilla.suse.com/1254431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61729"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20308-1
Vulnerability from csaf_opensuse - Published: 2026-03-03 17:46 - Updated: 2026-03-03 17:46

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.24-openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.24-openssl fixes the following issues:\n\n- Update to version 1.24.13 (jsc#SLE-18320)\n- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255)\n- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253)\n- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260)\n- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258)\n- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259)\n- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256)\n- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261)\n- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257)\n- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254)\n- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262)\n- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431)\n- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn\u0027t preclude wildcard SAN. (bsc#1254430)\n- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821)\n- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819)\n- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817)\n- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816)\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818)\n- CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692)\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-346",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20308-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1236217",
"url": "https://bugzilla.suse.com/1236217"
},
{
"category": "self",
"summary": "SUSE Bug 1245878",
"url": "https://bugzilla.suse.com/1245878"
},
{
"category": "self",
"summary": "SUSE Bug 1247816",
"url": "https://bugzilla.suse.com/1247816"
},
{
"category": "self",
"summary": "SUSE Bug 1248082",
"url": "https://bugzilla.suse.com/1248082"
},
{
"category": "self",
"summary": "SUSE Bug 1249985",
"url": "https://bugzilla.suse.com/1249985"
},
{
"category": "self",
"summary": "SUSE Bug 1251253",
"url": "https://bugzilla.suse.com/1251253"
},
{
"category": "self",
"summary": "SUSE Bug 1251254",
"url": "https://bugzilla.suse.com/1251254"
},
{
"category": "self",
"summary": "SUSE Bug 1251255",
"url": "https://bugzilla.suse.com/1251255"
},
{
"category": "self",
"summary": "SUSE Bug 1251256",
"url": "https://bugzilla.suse.com/1251256"
},
{
"category": "self",
"summary": "SUSE Bug 1251257",
"url": "https://bugzilla.suse.com/1251257"
},
{
"category": "self",
"summary": "SUSE Bug 1251258",
"url": "https://bugzilla.suse.com/1251258"
},
{
"category": "self",
"summary": "SUSE Bug 1251259",
"url": "https://bugzilla.suse.com/1251259"
},
{
"category": "self",
"summary": "SUSE Bug 1251260",
"url": "https://bugzilla.suse.com/1251260"
},
{
"category": "self",
"summary": "SUSE Bug 1251261",
"url": "https://bugzilla.suse.com/1251261"
},
{
"category": "self",
"summary": "SUSE Bug 1251262",
"url": "https://bugzilla.suse.com/1251262"
},
{
"category": "self",
"summary": "SUSE Bug 1254430",
"url": "https://bugzilla.suse.com/1254430"
},
{
"category": "self",
"summary": "SUSE Bug 1254431",
"url": "https://bugzilla.suse.com/1254431"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE Bug 1257692",
"url": "https://bugzilla.suse.com/1257692"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.24-openssl",
"tracking": {
"current_release_date": "2026-03-03T17:46:58Z",
"generator": {
"date": "2026-03-03T17:46:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20308-1",
"initial_release_date": "2026-03-03T17:46:58Z",
"revision_history": [
{
"date": "2026-03-03T17:46:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47912"
}
],
"notes": [
{
"category": "general",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47912",
"url": "https://www.suse.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "SUSE Bug 1251257 for CVE-2025-47912",
"url": "https://bugzilla.suse.com/1251257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-47912"
},
{
"cve": "CVE-2025-58183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58183"
}
],
"notes": [
{
"category": "general",
"text": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58183",
"url": "https://www.suse.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "SUSE Bug 1251261 for CVE-2025-58183",
"url": "https://bugzilla.suse.com/1251261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58183"
},
{
"cve": "CVE-2025-58185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58185"
}
],
"notes": [
{
"category": "general",
"text": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58185",
"url": "https://www.suse.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "SUSE Bug 1251258 for CVE-2025-58185",
"url": "https://bugzilla.suse.com/1251258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58185"
},
{
"cve": "CVE-2025-58186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58186"
}
],
"notes": [
{
"category": "general",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58186",
"url": "https://www.suse.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "SUSE Bug 1251259 for CVE-2025-58186",
"url": "https://bugzilla.suse.com/1251259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58186"
},
{
"cve": "CVE-2025-58187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58187"
}
],
"notes": [
{
"category": "general",
"text": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58187",
"url": "https://www.suse.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "SUSE Bug 1251254 for CVE-2025-58187",
"url": "https://bugzilla.suse.com/1251254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58187"
},
{
"cve": "CVE-2025-58188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58188"
}
],
"notes": [
{
"category": "general",
"text": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58188",
"url": "https://www.suse.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "SUSE Bug 1251260 for CVE-2025-58188",
"url": "https://bugzilla.suse.com/1251260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-58188"
},
{
"cve": "CVE-2025-58189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58189"
}
],
"notes": [
{
"category": "general",
"text": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58189",
"url": "https://www.suse.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "SUSE Bug 1251255 for CVE-2025-58189",
"url": "https://bugzilla.suse.com/1251255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58189"
},
{
"cve": "CVE-2025-61723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61723"
}
],
"notes": [
{
"category": "general",
"text": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61723",
"url": "https://www.suse.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "SUSE Bug 1251256 for CVE-2025-61723",
"url": "https://bugzilla.suse.com/1251256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61723"
},
{
"cve": "CVE-2025-61724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61724"
}
],
"notes": [
{
"category": "general",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61724",
"url": "https://www.suse.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "SUSE Bug 1251262 for CVE-2025-61724",
"url": "https://bugzilla.suse.com/1251262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61724"
},
{
"cve": "CVE-2025-61725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61725"
}
],
"notes": [
{
"category": "general",
"text": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61725",
"url": "https://www.suse.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "SUSE Bug 1251253 for CVE-2025-61725",
"url": "https://bugzilla.suse.com/1251253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61725"
},
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61727"
}
],
"notes": [
{
"category": "general",
"text": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61727",
"url": "https://www.suse.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "SUSE Bug 1254430 for CVE-2025-61727",
"url": "https://bugzilla.suse.com/1254430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61727"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61729"
}
],
"notes": [
{
"category": "general",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61729",
"url": "https://www.suse.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "SUSE Bug 1254431 for CVE-2025-61729",
"url": "https://bugzilla.suse.com/1254431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61729"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-61732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61732"
}
],
"notes": [
{
"category": "general",
"text": "A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61732",
"url": "https://www.suse.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "SUSE Bug 1257692 for CVE-2025-61732",
"url": "https://bugzilla.suse.com/1257692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "critical"
}
],
"title": "CVE-2025-61732"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20619-1
Vulnerability from csaf_opensuse - Published: 2026-04-23 16:09 - Updated: 2026-04-23 16:09

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for coredns",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for coredns fixes the following issues:\n\nChanges in coredns:\n\n- Update to version 1.14.2:\n * plugin/reload: Allow disabling jitter with 0s\n * bump deps\n * plugin/forward: fix parsing error when handling TLS+IPv6 address\n * plugin/loop: use crypto/rand for query name generation\n * plugin: reorder rewrite before acl to prevent bypass\n * fix(rewrite): fix cname target rewrite for CNAME chains\n * fix(kubernetes): panic on empty ListenHosts\n * chore: bump minimum Go version to 1.25\n * feat(proxyproto): add proxy protocol support\n * refactor(cache): modernize with generics\n * Add metadata for response Type and Class to Log\n * docs: clarify kubernetes auth docs\n * fix: return SOA and NS records when queried for a record CNAMEd to origin\n\n- fixes bsc#1259320 CVE-2026-26017\n- fixes bsc#1259319 CVE-2026-26018\n\n- address more unstable unstable tests under aarch64 and s390x\n\n- Update to version 1.14.1:\n * This release primarily addresses security vulnerabilities affecting Go\n versions prior to Go 1.25.6 and Go 1.24.12\n (CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731,\n CVE-2025-68119).\n It also includes performance improvements to the proxy plugin via\n multiplexed connections, along with various documentation updates.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-212",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20619-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1259319",
"url": "https://bugzilla.suse.com/1259319"
},
{
"category": "self",
"summary": "SUSE Bug 1259320",
"url": "https://bugzilla.suse.com/1259320"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26017 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26018 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26018/"
}
],
"title": "Security update for coredns",
"tracking": {
"current_release_date": "2026-04-23T16:09:35Z",
"generator": {
"date": "2026-04-23T16:09:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20619-1",
"initial_release_date": "2026-04-23T16:09:35Z",
"revision_history": [
{
"date": "2026-04-23T16:09:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-bp160.1.1.aarch64",
"product": {
"name": "coredns-1.14.2-bp160.1.1.aarch64",
"product_id": "coredns-1.14.2-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-extras-1.14.2-bp160.1.1.noarch",
"product": {
"name": "coredns-extras-1.14.2-bp160.1.1.noarch",
"product_id": "coredns-extras-1.14.2-bp160.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-bp160.1.1.ppc64le",
"product": {
"name": "coredns-1.14.2-bp160.1.1.ppc64le",
"product_id": "coredns-1.14.2-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-bp160.1.1.x86_64",
"product": {
"name": "coredns-1.14.2-bp160.1.1.x86_64",
"product_id": "coredns-1.14.2-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64"
},
"product_reference": "coredns-1.14.2-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le"
},
"product_reference": "coredns-1.14.2-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64"
},
"product_reference": "coredns-1.14.2-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.2-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
},
"product_reference": "coredns-extras-1.14.2-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
},
{
"cve": "CVE-2026-26017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26017"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26017",
"url": "https://www.suse.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "SUSE Bug 1259320 for CVE-2026-26017",
"url": "https://bugzilla.suse.com/1259320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2026-26017"
},
{
"cve": "CVE-2026-26018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26018"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26018",
"url": "https://www.suse.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "SUSE Bug 1259319 for CVE-2026-26018",
"url": "https://bugzilla.suse.com/1259319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2026-26018"
}
]
}
OPENSUSE-SU-2026:20620-1
Vulnerability from csaf_opensuse - Published: 2026-04-23 16:22 - Updated: 2026-04-23 16:22

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rclone",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rclone fixes the following issues:\n\nChanges in rclone:\n\n- Update to version 1.73.5:\n * Version v1.73.5\n * operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179\n * rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176\n * rc: add AuthRequired to options/set to prevent auth bypass CVE-2026-41176\n * s3: fix empty delimiter parameter rejected by Archiware P5 server\n * azureblob/auth: add Microsoft Partner Network User-Agent prefix\n * drime: fix User.EntryPermissions JSON unmarshalling\n * filter: fix debug logs that fire before logger is configured - fixes #9291\n * s3: fix TencentCOS CDN endpoint failing on bucket check\n * iclouddrive: fix \u0027directory not found\u0027 error when the directory contains accent marks\n * Start v1.73.5-DEV development\n\n- Update to version 1.73.4:\n * Version v1.73.4\n * Update to go 1.25.9 to fix multiple CVEs\n * build: fix Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder\n * docs: fix markdown issues in mount docs\n * docs: fix header level for metadata option\n * fix(docs): Fix link to not be language specific\n * filen: update SDK version\n * build(deps): bump golang.org/x/image from 0.36.0 to 0.38.0\n * docs: note macOS 10.15 (Catalina) support with version v1.70.3\n * Start v1.73.4-DEV development\n\n- Update to version 1.73.3: (CVE-2026-33186 GHSA-6g7g-w4f8-9c9x)\n * Version v1.73.3\n * build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2\n * docs/jottacloud: fix broken link\n * docs: clarify Filen password change requires updating both password and API key in rclone config\n * docs: note that Filen API key changes on password change\n * build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3\n * s3: add multi tenant support for Cubbit\n * lib/rest: fix URLPathEscapeAll breaking WebDAV servers (eg nzbdav) with strict path matching\n * list: fix nil pointer panic in Sorter when temp 
file creation fails\n * docs: update RELEASE procedure to avoid mistakes\n * docs: added text to the label showing version-introduced info\n * Start v1.73.3-DEV development\n * docs: update sponsors\n\n- Update to version 1.73.2:\n * Version v1.73.2\n * Update to go 1.25.8 to fix multiple CVEs\n * build: update to golang.org/x/net v0.51.0 to fix CVE-2026-27141 #9220\n * docs: fix new drive flag typo in changelog\n * webdav: add missing headers for CORS\n * docs: Document unsupported S3 object keys with double slashes\n * docs: note that --use-server-modtime only works on some backends\n * internxt: fix Entry doesn\u0027t belong in directory errors on windows\n * drime: fix chunk-uploaded files ignoring workspace ID\n * docs: Fix headers hierarchy for mount.md\n * webdav: escape reserved characters in URL path segments\n * bisync: add group Sync to the bisync command\n * archive: extract: strip \"./\" prefix from tar entry paths\n * docs: add instructions on how to update Go version\n * buid: update github.com/cloudflare/circl to v1.6.3 to fix CVE-2026-1229\n * Start v1.73.2-DEV development\n\n- Update to version 1.73.1:\n * Version v1.73.1\n * build: fix build using go 1.26.0 instead of go 1.25.7\n * fs/march: fix runtime: program exceeds 10000-thread limit\n * accounting: fix missing server side stats from core/stats rc\n * pacer: re-read the sleep time as it may be stale\n * pacer: fix deadlock between pacer token and --max-connections\n * build: fix CVE-2025-68121 by updating go to 1.25.7 or later - fixes #9167\n * drime: fix files and directories being created in the default workspace\n * docs: update sponsors\n * copyurl: Extend copyurl docs with an example of CSV FILENAMEs starting with a path.\n * internxt: implement re-login under refresh logic, improve retry logic - fixes #9174\n * docs: add ExchangeRate-API as a sponsor\n * build: bump github.com/go-chi/chi/v5 from 5.2.3 to 5.2.5 to fix GO-2026-4316\n * Set list_version to 2 for FileLu S3 configuration\n 
* filelu: add multipart upload support with configurable cutoff\n * filelu: add multipart init response type\n * filelu: add comment for response body wrapping\n * filelu: avoid buffering entire file in memory\n * docs: update sponsor logos\n * filen: fix potential panic in case of error during upload\n * filen: fix 32 bit targets not being able to list directories Fixes #9142\n * Start v1.73.1-DEV development\n\n- Update to version 1.73.0:\n * Version v1.73.0\n * drive: fix crash when trying to creating shortcut to a Google doc\n * azureblob,azurefiles: factor the common auth into a library\n * test: allow backends to return fs.ErrorCantListRoot to skip Root tests\n * build: add privatebeta Makefile target\n * docs: add Internxt as a sponsor\n * internxt: remove use of CVE laden github.com/disintegration/imaging\n * docs: fix Internxt docs after merge\n * docs: update making a new backend docs\n * docs: build overview page from the backend data\n * docs: add tiering to the documentation - fixes #8873\n * docs: add data about each backend in YAML format\n * docs: add bin/manage_backends.py for managing the backend data files\n * internxt: use rclone\u0027s http.Client to enable more features\n * internxt: fix lint problems\n * Add StarHack to contributors\n * Add lullius to contributors\n * Add jzunigax2 to contributors\n * internxt: add Internxt backend - fixes #7610\n * drive: add --drive-metadata-force-expansive-access flag - Fixes #8980\n * test_all: allow drime more time to complete\n * onedrive: fix permissions on onedrive Personal\n * onedrive: fix require sign in for Onedrive Personal\n * onedrive: Onedrive Personal no longer supports description\n * onedrive: fix setting modification time on directories for onedrive Personal\n * onedrive: fix cancelling multipart upload\n * docs: fix WinFsp link in mount documentation\n * cmount: make work under OpenBSD - fixes #1727\n * vfs: make mount tests run on OpenBSD\n * docs: improve alignment of icons\n * 
protondrive: update to use forks of upstream modules\n * Add hyusap to contributors\n * Add Nick Owens to contributors\n * Add Mikel Olasagasti Uranga to contributors\n * docs: fix googlephotos custom client_id instructions\n * cmount: fix OpenBSD mount support.\n * fs: fix bwlimit: correctly report minutes\n * fs: fix bwlimit: use %d instead of %q for ints\n * mega: reverts TLS workaround\n * docs: fix formatting\n * docs: add faq entry about re-enabling old TLS ciphers\n * Add Marc-Philip to contributors\n * Add yy to contributors\n * filen: swap to blake3 hashes\n * docs: fix echo command syntax for password input\n * docs: fix typos in comments and messages\n * docs: fix use of removed rem macro\n * uptobox: remove backend as service is no longer available\n * rc: add operations/hashsumfile to sum a single file only\n * docs: update sponsor link\n * filen: add Filen backend - Fixes #6728\n * sftp: fix proxy initialisation\n * fstest: skip Copy mutation test with --sftp-copy-is-hardlink\n * fstest: Make Copy mutation test work properly\n * Add Qingwei Li to contributors\n * Add Nicolas Dessart to contributors\n * log: fix systemd adding extra newline - fixes #9086\n * oracleobjectstorage, sftp: eliminate unnecessary heap allocation\n * sftp,ftp: add http proxy authentication support\n * Add Drime backend\n * lib/rest: add opts.MultipartContentType to explicitly set Content-Type of attachements\n * dircache: allow empty string as root parent id\n * docs: update sponsors\n * s3: add provider Bizfly Cloud Simple Storage\n * docs: update sponsor logos\n * Add sys6101 to contributors\n * Add darkdragon-001 to contributors\n * Add vupn0712 to contributors\n * docs: add cloudinary to readme\n * docs: fix headers hierarchy in mount docs\n * s3: fix Copy ignoring storage class\n * serve s3: make errors in --s3-auth-key fatal - fixes #9044\n * Add masrlinu to contributors\n * pcloud: add support for real-time updates in mount\n * memory: add --memory-discard flag for 
speed testing - fixes #9037\n * Add vyv03354 to contributors\n * shade: Fix VFS test issues\n * docs: mention use of ListR feature in ls docs\n * build: bump actions/download-artifact from 6 to 7\n * build: bump actions/upload-artifact from 5 to 6\n * build: bump actions/cache from 4 to 5\n * docs: reflects the fact that pCloud supports ListR\n * S3: Linode: updated endpoints to use ISO 3166-1 alpha-2 standard\n * sync: fix error propagation in tests (#9025)\n * Changelog updates from Version v1.72.1\n * s3: add more regions for Selectel\n * Add jhasse-shade to contributors\n * Add Shade backend\n * log: fix backtrace not going to the --log-file #9014\n * build: fix lint warning after linter upgrade\n * Add Jonas Tingeborn to contributors\n * Add Tingsong Xu to contributors\n * configfile: add piped config support - fixes #9012\n * fs/log: fix PID not included in JSON log output\n * build: adjust lint rules to exclude new errors from linter update\n * proxy: fix error handling in tests spotted by the linter\n * Add Johannes Rothe to contributors\n * Add Leo to contributors\n * Add Vladislav Tropnikov to contributors\n * Add Cliff Frey to contributors\n * Add vicerace to contributors\n * b2: Fix listing root buckets with unrestricted API key\n * googlecloudstorage: improve endpoint parameter docs\n * serve webdav: implement download-directory-as-zip\n * s3: The ability to specify an IAM role for cross-account interaction\n * azureblob: add metadata and tags support across upload and copy paths\n * refactor: use strings.Cut to simplify code\n * docs: note where a provider has an S3 compatible alternative\n * Add Shade as sponsor\n * Add Duncan Smart to contributors\n * Add Diana to contributors\n * docs: Clarify OAuth scopes for readonly Google Drive access\n * b2: support authentication with new bucket restricted application keys\n * docs: update sponsor logos\n * docs: fix lint error in changelog\n * Start v1.73.0-DEV development\n\n- Update to version 1.72.1:\n * 
Version v1.72.1\n * s3: add more regions for Selectel\n * log: fix backtrace not going to the --log-file #9014\n * build: fix lint warning after linter upgrade\n * configfile: add piped config support - fixes #9012\n * fs/log: fix PID not included in JSON log output\n * build: adjust lint rules to exclude new errors from linter update\n * proxy: fix error handling in tests spotted by the linter\n * googlecloudstorage: improve endpoint parameter docs\n * docs: note where a provider has an S3 compatible alternative\n * Add Shade as sponsor\n * docs: Clarify OAuth scopes for readonly Google Drive access\n * docs: update sponsor logos\n * docs: fix lint error in changelog\n * Start v1.72.1-DEV development\n\n- Update to version 1.72.0:\n * Version v1.72.0\n * rc: fix formatting in job/batch\n * test speed: fix formatting of help\n * docs: update sponsor logos\n * build: bump actions/checkout from 5 to 6\n * s3: add multi-part-upload support for If-Match and If-None-Match\n * rc: config/unlock: rename parameter to `configPassword` accept old as well\n * rc: correct names of parameters in job/list output\n * Add Nikolay Kiryanov to contributors\n * rc: add `executeId` to job statuses - fixes #8972\n * build: bump golang.org/x/crypto from 0.43.0 to 0.45.0 to fix CVE-2025-58181\n * s3: fix single file copying behavior with low permission - Fixes #8975\n * docs: onedrive: note how to backup up any user\u0027s data\n * Add Dominik Sander to contributors\n * Add jijamik to contributors\n * box: allow to configure with config file contents\n * http: add basic metadata and provide it via serve\n * ftp: fix transfers from servers that return 250 ok messages\n * b2: allow individual old versions to be deleted with --b2-versions - fixes #1626\n * build: fix tls: failed to verify certificate: x509: negative serial number\n * Add Sean Turner to contributors\n * s3: add support for --upload-header If-Match and If-None-Match\n * fix: comment typos\n * dropbox: fix error moving just 
created objects - fixes #8881\n * s3: add --s3-use-data-integrity-protections to fix BadDigest error in Alibaba, Tencent\n * rc: make sure fatal errors don\u0027t crash rclone - fixes #8955\n * pacer: factor call stack searching into its own package\n * rc: add osVersion, osKernel and osArch to core/version\n * build: update all dependencies\n * build(deps): bump golangci/golangci-lint-action from 8 to 9\n * webdav: fix out of memory with sharepoint-ntlm when uploading large file\n * testserver: fix owncloud test server startup\n * Add aliaj1 to contributors\n * ulozto: Fix downloads returning HTML error page\n * docs: adjust spectra logic example endpoint name\n * docs: update version introduced to v1.70 in doi docs\n * testserver: fix HDFS server after run.bash adjustments\n * testserver: remind developers about allocating a port\n * testserver: make run.bash variables less likely to collide with scripts\n * testserver: fix seafile servers messing up _connect string\n * testserver: make sure TestWebdavInfiniteScale uses an assigned port\n * testserver: make sure we don\u0027t overwrite the NAME variable set\n * Add n4n5 to contributors\n * Add Alex to contributors\n * Add Copilot to contributors\n * docs: update contributing docs regarding backend documentation\n * rc: add jobs stats\n * docs: fix alignment of some of the icons in the storage system dropdown\n * docs: run markdownlint on _index.md\n * docs: fix markdownlint issues and other styling improvements in backend command docs\n * docs: fix markdownlint issue md046/code-block-style in backend command docs\n * docs: fix missing punctuation in backend commands short description\n * docs: fix markdownlint issues in backend command generated output\n * build: improve backend docs autogenerated marker line\n * backend/compress: add zstd compression\n * sftp: fix zombie SSH processes with --sftp-ssh - Fixes #8929\n * testserver: fix tests failing due to stopped servers\n * docs: add new integration tester site 
link\n * docs: update the method for running integration tests\n * bisync: fix failing tests\n * Add SublimePeace to contributors\n * b2: fix \"expected a FileSseMode but found: \u0027\u0027\"\n * docs: s3: clarify multipart uploads memory usage\n * test_all: fix detection of running servers\n * accounting: add AccountReadN for use in cluster\n * fs: add NonDefaultRC for discovering options in use\n * fs: move tests into correct files\n * rc: add NewJobFromBytes for reading jobs from non HTTP transactions\n * rc: add job/batch for sending batches of rc commands to run concurrently\n * Add Ted Robertson to contributors\n * Add Joseph Brownlee to contributors\n * Add fries1234 to contributors\n * Add Fawzib Rojas to contributors\n * Add Riaz Arbi to contributors\n * Add Lukas Krejci to contributors\n * Add Adam Dinwoodie to contributors\n * Add dulanting to contributors\n * docs: add AppArmor restrictions to rclone mount\n * check: improved reporting of differences in sizes and contents\n * mega: implement 2FA login\n * docs: change to light code block style to better match overall theme\n * docs: fix various markdownlint issues\n * build: restrict the markdown languages to use for code blocks\n * docs: fix various markdownlint issues\n * docs: fix markdownlint issue md013/line-length\n * docs: change syntax hightlighting for command examples from sh to console\n * docs: Clarify remote naming convention\n * b2: Add Server-Side encryption support\n * Added rclone archive command to create and read archive files\n * accounting: add io.Seeker/io.ReaderAt support to accounting.Account\n * operations: add ReadAt method to ReOpen\n * fstest: add ResetRun to allow the remote to be reset in tests\n * gcs: fix --gcs-storage-class to work with server side copy for objects\n * ulozto: implement the about functionality\n * local: add --skip-specials to ignore special files\n * swift: Report disk usage in segment containers\n * refactor: use strings.Builder to improve 
performance\n * Archive backend to read archives on cloud storage.\n * vfs: remove unecessary import in tests to fix import cycles\n * Add Lakshmi-Surekha to contributors\n * Add Andrew Gunnerson to contributors\n * Add divinity76 to contributors\n * build: enable support for aix/ppc64\n * rc: fix name of \"queue\" JSON key in docs for vfs/cache\n * cmount: windows: improve error message on missing winfsp\n * docs: add the Provider to the options examples in the backend docs\n * Add Aneesh Agrawal to contributors\n * Add viocha to contributors\n * Add reddaisyy to contributors\n * fs: remove unnecessary Seek call on log file\n * s3: make it easier to add new S3 providers\n * build(deps): bump actions/upload-artifact from 4 to 5\n * build(deps): bump actions/download-artifact from 5 to 6\n * ftp: fix SOCK proxy support - fixes #8892 (#8918)\n * webdav: Add Access-Control-Max-Age header for CORS preflight caching - fixes #5078\n * webdav: use SpaceSepList to parse bearer token command\n * refactor: use strings.Builder to improve performance\n * docs: re-arrange sponsors page\n * docs: add Spectra Logic as a sponsor\n * Add Oleksandr Redko to contributors\n * build: enable all govet checks (except fieldalignment and shadow) and fix issues.\n * march: fix --no-traverse being very slow - fixes #8860\n * Add vastonus to contributors\n * s3: add new FileLu S5 endpoints\n * build: remove obsolete build tag\n * azurefiles: add ListP interface - #4788\n * dropbox: add ListP interface - #4788\n * webdav: add ListP interface - #4788\n * pcloud: add ListP interface - #4788\n * box: add ListP interface - #4788\n * onedrive: add ListP interface - #4788\n * drive: add ListP interface - #4788\n * Add hunshcn to contributors\n * webdav: optimize bearer token fetching with singleflight\n * Changelog updates from Version v1.71.2\n * lib/http: cleanup indentation and other whitespace in http serve template\n * docs: improve formatting of http serve template parameters\n * build: stop 
markdown linter leaving behind docker containers\n * Add Marco Ferretti to contributors\n * s3: add cubbit as provider\n * s3: add servercore as a provider\n * docs: update sponsors\n * docs: update sponsor images\n * docs: update privacy policy with a section on user data\n * Add Dulani Woods to contributors\n * Add spiffytech to contributors\n * gcs: add region us-east5 - fixes #8863\n * jottacloud: refactor service list from map to slice to get predefined order\n * jottacloud: added support for traditional oauth authentication also for the main service\n * oauthutil: improved debug logs from token refresh\n * backend: add S3 provider for Hetzner object storage #8183\n * jottacloud: improved token refresh handling\n * s3: provider reordering\n * index: add missing providers\n * docs: add missing `\n * s3: add rabata as a provider\n * mega: fix 402 payment required errors - fixes #8758\n * Add Andrew Ruthven to contributors\n * Add Microscotch to contributors\n * Add iTrooz to contributors\n * build: Bump SwiftAIO container to a newer one\n * build: Retry stopping the test server\n * build: Increase attempts to connect to test server\n * swift: If storage_policy isn\u0027t set, use the root containers policy\n * proton: automated 2FA login with OTP secret key\n * serve s3: fix log output to remove the EXTRA messages\n * docs/jottacloud: update description of invalid_grant error according to changes\n * jottacloud: add support for MediaMarkt Cloud as a whitelabel service\n * s3: add FileLu S5 provider\n * docs: fix variants of --user-from-header\n * vfs: fix chunker integration test\n * test_all: give TestZoho: extra time as it has been timing out\n * test_all: give TestCompressDrive: extra time as it has been timing out\n * rclone config string: reduce quoting with Human rendering for strings #8859\n * Add juejinyuxitu to contributors\n * docs/jottacloud: update documentation with new whitelabel services and changed configuration flow\n * jottacloud: abort 
attempts to run unsupported rclone authorize command\n * jottacloud: minor adjustment of texts in config ui\n * jottacloud: add support for Let\u0027s Go Cloud (from MediaMarkt) as a whitelabel service\n * jottacloud: fix authentication for whitelabel services from Elkjp subsidiaries\n * jottacloud: refactor config handling of whitelabel services to use openid provider configuration\n * jottacloud: remove nil error object from error message\n * jottacloud: fix legacy authentication\n * docs: add remote setup page to main docs dropdown\n * docs: update remote setup page\n * docs: add link from authorize command docs to remote setup docs\n * docs: lowercase internet and web browser instead of Internet browser\n * docs: use the term backend name instead of fs name for authorize command\n * add `rclone config string` for making connection strings #8859\n * config: add more human readable configmap.Simple output\n * serve http: download folders as zip\n * s3: reorder providers to be in alphabetical order\n * refactor: use strings.FieldsFuncSeq to reduce memory allocations\n * accounting: add SetMaxCompletedTransfers method to fix bisync race #8815\n * accounting: add RemoveDoneTransfers method to fix bisync race #8815\n * bisync: fix race when CaptureOutput is used concurrently #8815\n * build: update all dependencies\n * Makefile: remove deprecated go mod usage\n * azurefiles: Fix server side copy not waiting for completion - fixes #8848\n * Changelog updates from Version v1.71.1\n * test_all: fix branch name in test report\n * pacer: fix deadlock with --max-connections\n * Revert \"azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors\"\n * Add Youfu Zhang to contributors\n * Add Matt LaPaglia to contributors\n * smb: optimize smb mount performance by avoiding stat checks during initialization\n * pikpak: fix unnecessary retries by using URL expire parameter - fixes #8601\n * serve http: fix: logging url on start\n * docs: fix typo\n * b2: fix 
1TB+ uploads\n * march: fix deadlock when using --fast-list on syncs - fixes #8811\n * build: slices.Contains, added in go1.21\n * build: use strings.CutPrefix introduced in go1.20\n * build: use sequence Split introduced in go1.24\n * build: use \"for i := range n\", added in go1.22\n * build: modernize benchmark usage\n * build: in tests use t.Context, added in go1.24\n * build: replace interface{} by the \u0027any\u0027 type added in go1.18\n * build: use the built-in min or max functions added in go1.21\n * Add russcoss to contributors\n * build: remove x := x made unnecessary by the new semantics of loops in go1.22\n * lib/pool: fix unreliable TestPoolMaxBufferMemory test\n * Update S-Pegg1 email\n * Add Jean-Christophe Cura to contributors\n * pool: fix flaky unreliability test\n * copyurl: reworked code, added concurrency and tests\n * copyurl: Added --url to read urls from csv file - #8127\n * docs: HDFS: erasure coding limitation #8808\n * fstest: fix slice bounds out of range error when using -remotes local\n * local: fix time zones on tests\n * s3: added SpectraLogic as a provider\n * local: fix rmdir \"Access is denied\" on windows - fixes #8363\n * bisync: fix error handling for renamed conflicts\n * docs: pcloud: update root_folder_id instructions\n * operations: fix partial name collisions for non --inplace copies\n * drive: docs: update making your own client ID instructions\n * swift: add ListP interface - #4788\n * memory: add ListP interface - #4788\n * oraceobjectstorage: add ListP interface - #4788\n * B2: add ListP interface - #4788\n * azureblob: add ListP interface - #4788\n * googlecloudstorage: add ListP interface - Fixes #8763\n * build: bump actions/github-script from 7 to 8\n * build: bump actions/setup-go from 5 to 6\n * bisync: fix chunker integration tests\n * bisync: fix koofr integration tests\n * internetarchive: fix server side copy files with spaces\n * lib/rest: add URLPathEscapeAll to URL escape as many chars as possible\n * 
Add alternate email for dougal to contributors\n * test speed: add command to test a specified remotes speed\n * docs: add link to MEGA S4 from MEGA page\n * Add Robin Rolf to contributors\n * Add anon-pradip to contributors\n * s3: Add Intercolo provider\n * gendocs: refactor and add logging of skipped command docs\n * gendocs: ignore missing rclone_mount.md, rclone_nfsmount.md, rclone_serve_nfs.md on windows\n * bin: add bisync.md generator\n * fstest: refactor to decouple package from implementation\n * gendocs: ignore missing rclone_mount.md on macOS\n * bisync: ignore expected \"nothing to transfer\" differences on tests\n * bisync: fix TestBisyncConcurrent ignoring -case\n * bisync: make number of parallel tests configurable\n * docs: clarify subcommand description in rclone usage\n * docs: fix description of regex syntax of name transform\n * docs: add some more details about supported regex syntax\n * makefile: fix lib/transform docs not getting updated\n * lib/pool: fix flaky test which was causing timeouts\n * Add dougal to contributors\n * vfs: fix SIGHUP killing serve instead of flushing directory caches\n * bisync: use unique stats groups on tests\n * fstest: stop errors in test cleanup changing the global stats\n * Add Motte to contributors\n * Add Claudius Ellsel to contributors\n * build: add local markdown linting to make check\n * lsf: add support for unix and unixnano time formats\n * docs: remove broken links from rc to commands\n * hashsum: changed output format when listing algorithms\n * docs: add example of how to add date as suffix\n * box: fix about after change in API return - fixes #8776\n * Add skbeh to contributors\n * Add Tilman Vogel to contributors\n * docs: fix incorrectly escaped windows path separators\n * build: restore error handling in gendocs\n * combine: propagate SlowHash feature\n * docs/oracleobjectstorage: add introduction before external links and remove broken link\n * docs: fix markdown lint issues in backend docs\n * 
docs: fix markdown lint issues in command docs\n * docs: update markdown code block json indent size 2\n * mount: do not log successful unmount as an error - fixes #8766\n * Start v1.72.0-DEV development\n\n- Update to version 1.71.2:\n * Version v1.71.2\n * docs: update sponsors\n * docs: update sponsor images\n * docs: update privacy policy with a section on user data\n * gcs: add region us-east5 - fixes #8863\n * index: add missing providers\n * docs: add missing `\n * mega: fix 402 payment required errors - fixes #8758\n * docs: fix variants of --user-from-header\n * docs: add remote setup page to main docs dropdown\n * docs: update remote setup page\n * docs: add link from authorize command docs to remote setup docs\n * docs: lowercase internet and web browser instead of Internet browser\n * docs: use the term backend name instead of fs name for authorize command\n * bisync: fix race when CaptureOutput is used concurrently #8815\n * azurefiles: Fix server side copy not waiting for completion - fixes #8848\n * pikpak: fix unnecessary retries by using URL expire parameter - fixes #8601\n * serve http: fix: logging url on start\n * docs: fix typo\n * b2: fix 1TB+ uploads\n * Start v1.71.2-DEV development\n\n- Update to version 1.71.1:\n * Version v1.71.1\n * pacer: fix deadlock with --max-connections\n * Revert \"azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors\"\n * march: fix deadlock when using --fast-list on syncs - fixes #8811\n * docs: HDFS: erasure coding limitation #8808\n * local: fix rmdir \"Access is denied\" on windows - fixes #8363\n * bisync: fix error handling for renamed conflicts\n * docs: pcloud: update root_folder_id instructions\n * operations: fix partial name collisions for non --inplace copies\n * drive: docs: update making your own client ID instructions\n * internetarchive: fix server side copy files with spaces\n * lib/rest: add URLPathEscapeAll to URL escape as many chars as possible\n * docs: add link to 
MEGA S4 from MEGA page\n * docs: clarify subcommand description in rclone usage\n * docs: fix description of regex syntax of name transform\n * docs: add some more details about supported regex syntax\n * makefile: fix lib/transform docs not getting updated\n * vfs: fix SIGHUP killing serve instead of flushing directory caches\n * docs: remove broken links from rc to commands\n * docs: add example of how to add date as suffix\n * box: fix about after change in API return - fixes #8776\n * docs: fix incorrectly escaped windows path separators\n * build: restore error handling in gendocs\n * combine: propagate SlowHash feature\n * docs/oracleobjectstorage: add introduction before external links and remove broken link\n * docs: fix markdown lint issues in backend docs\n * docs: fix markdown lint issues in command docs\n * docs: update markdown code block json indent size 2\n * mount: do not log successful unmount as an error - fixes #8766\n * Start v1.71.1-DEV development\n\n- Update to version 1.71.0:\n * Version v1.71.0\n * fs: tls: add --client-pass support for encrypted --client-key files\n * ftp: make TLS config default to global TLS config - Fixes #6671\n * fshttp: return *Transport rather than http.RoundTripper from NewTransport\n * bisync: release from beta\n * bisync: fix markdown formatting issues flagged by linter in docs\n * bisync: fix --no-slow-hash settings on path2\n * Add cui to contributors\n * docs: add code of conduct\n * lib/mmap: convert to using unsafe.Slice to avoid deprecated reflect.SliceHeader\n * build: bump golangci/golangci-lint-action from 6 to 8\n * build: update golangci-lint configuration\n * build: ignore revive lint issue var-naming: avoid meaningless package names\n * build: fix lint issue: should omit type error from declaration\n * Revert \"build: downgrade linter to use go1.24 until it is fixed for go1.25\"\n * build: migrate golangci-lint configuration to v2 format\n * s3: add --s3-use-arn-region flag - fixes #8686\n * Add 
Binbin Qian to contributors\n * Add Lucas Bremgartner to contributors\n * docs: add tips about outdated certificates\n * FAQ: specify the availability of SSL_CERT_* env vars\n * pikpak: add file name integrity check during upload\n * bisync: skip TestBisyncConcurrent on non-local\n * internetarchive: fix server side copy files with \u0026\n * Revert \"s3: set useAlreadyExists to false for Alibaba OSS\"\n * Add huangnauh to contributors\n * smb: improve multithreaded upload performance using multiple connections\n * bisync: fix data races on tests\n * bisync: remove unused parameters\n * bisync: deglobalize to fix concurrent runs via rc - fixes #8675\n * mount: fix identification of symlinks in directory listings\n * s3: fix Content-Type: aws-chunked causing upload errors with --metadata\n * config: fix problem reading pasted tokens over 4095 bytes\n * config: fix test failure on local machine with a config file\n * log: add log rotation to --log-file - fixes #2259\n * accounting: Fix stats (speed=0 and eta=nil) when starting jobs via rc\n * docs: update overview table for oracle object storage\n * Add praveen-solanki-oracle to contributors\n * oracleobjectstorage: add read only metadata support - Fixes #8705\n * doc: sync doesn\u0027t symlinks in dest without --link - Fixes #8749\n * s3: sort providers in docs\n * s3: add docs for Exaba Object Storage\n * azureblob: fix double accounting for multipart uploads - fixes #8718\n * pool: fix deadlock with --max-buffer-memory\n * azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors\n * build: downgrade linter to use go1.24 until it is fixed for go1.25\n * build: update all dependencies\n * build: update to go1.25 and make go1.24 the minimum required version\n * Add Timothy Jacobs to contributors\n * bisync: fix time.Local data race on tests - fixes #8272\n * googlecloudstorage: fix rateLimitExceeded error on bisync tests\n * accounting: populate transfer snapshot with \"what\" value\n * 
build(deps): bump actions/checkout from 4 to 5\n * build(deps): bump actions/download-artifact from 4 to 5\n * googlecloudstorage: enable bisync integration tests\n * fstest: fix parsing of commas in -remotes\n * azurefiles: fix hash getting erased when modtime is set\n * bisync: disable --sftp-copy-is-hardlink on sftp tests\n * local: fix --copy-links on Windows when listing Junction points\n * operations: fix too many connections open when using --max-memory\n * pool: fix deadlock with --max-memory and multipart transfers\n * pool: unify memory between multipart and asyncreader to use one pool\n * docs: update links to rcloneui\n * docs: add MEGA S4 as a gold sponsor\n * about: fix potential overflow of about in various backends\n * box: fix about: cannot unmarshal number 1.0e+18 into Go struct field\n * oauthutil: fix nil pointer crash when started with expired token\n * rc: listremotes should send an empty array instead of nil\n * config: add error if RCLONE_CONFIG_PASS was supplied but didn\u0027t decrypt config\n * rc: add config/unlock to unlock the config file\n * ftp: allow insecure TLS ciphers - fixes #8701\n * s3: set useAlreadyExists to false for Alibaba OSS\n * docs: update sponsors page\n * fs: allow global variables to be overridden or set on backend creation\n * fs: allow setting of --http_proxy from command line\n * tests: cloudinary: remove test ignore after merging fix from #8707\n * Add Antonin Goude to contributors\n * Add Yu Xin to contributors\n * Add houance to contributors\n * Add Florent Vennetier to contributors\n * Add n4n5 to contributors\n * Add Albin Parou to contributors\n * Add liubingrun to contributors\n * sync: fix testLoggerVsLsf when backend only reads modtime\n * sync: fix testLoggerVsLsf checking wrong fs\n * docs: fix make opengraph tags absolute as not all sites understand relative\n * docs: update contributing guide regarding markdown documentation\n * build: add markdown linting to workflow\n * build: add markdownlint 
configuration\n * docs: minor format cleanup install.md\n * docs: fix markdownlint issue md049/emphasis-style\n * docs: fix markdownlint issue md036/no-emphasis-as-heading\n * docs: fix markdownlint issue md033/no-inline-html\n * docs: fix markdownlint issue md025/single-title\n * docs: fix markdownlint issue md041/first-line-heading\n * docs: fix markdownlint issue md001/heading-increment\n * docs: fix markdownlint issue md003/heading-style\n * docs: fix markdownlint issue md034/no-bare-urls\n * docs: fix markdownlint issue md010/no-hard-tabs\n * docs: fix markdownlint issue md013/line-length\n * docs: fix markdownlint issue md038/no-space-in-code\n * docs: fix markdownlint issue md040/fenced-code-language\n * docs: fix markdownlint issue md046/code-block-style\n * docs: fix markdownlint issue md037/no-space-in-emphasis\n * docs: fix markdownlint issue md059/descriptive-link-text\n * docs: fix markdownlint issues md007/ul-indent md004/ul-style\n * docs: fix markdownlint issue md012/no-multiple-blanks\n * docs: fix markdownlint issue md058/blanks-around-tables\n * docs: fix markdownlint issue md022/blanks-around-headings\n * docs: fix markdownlint issue md031/blanks-around-fences\n * docs: fix markdownlint issue md032/blanks-around-lists\n * docs: fix markdownlint issue md009/no-trailing-spaces\n * docs: fix markdownlint issue md014/commands-show-output\n * docs: fix markdownlint issues md007/ul-indent md004/ul-style (bin/update-authors.py)\n * docs: fix markdownlint issues md007/ul-indent md004/ul-style (authors.md)\n * docs: add opengraph tags for website social media previews\n * mount: note that bucket based remotes can use directory markers\n * pikpak: add docs for methods to clarify name collision handling and restrictions\n * pikpak: enhance Copy method to handle name collisions and improve error management\n * pikpak: enhance Move for better handling of error and name collision\n * accounting: fix incorrect stats with --transfers=1 - fixes #8670\n * rc: fix 
`operations/check` ignoring `oneWay` parameter\n * s3: add OVHcloud Object Storage provider\n * docs: rc: fix description of how to read local config\n * build: limit check for edits of autogenerated files to only commits in a pull request\n * build: extend check for edits of autogenerated files to all commits in a pull request\n * smb: refresh Kerberos credentials when ccache file changes\n * s3: fix multipart upload and server side copy when using bucket policy SSE-C\n * backend/s3: Fix memory leak by cloning strings #8683\n * purge: exit with a fatal error if filters are set on `rclone purge`\n * docs: Add Backblaze as a Platinum sponsor\n * Add Sam Pegg to contributors\n * googlephotos: added warning for Google Photos compatibility-fixes #8672\n * test: remove flakey TestChunkerChunk50bYandex: test\n * docs: Consolidate entries for Josh Soref in contributors\n * docs: remove dead link to example of writing a plugin\n * filescom: document that hashes need to be enabled - fixes #8674\n * Add Sudipto Baral to contributors\n * docs: fix incorrect json syntax in sample output\n * docs: ignore author email piyushgarg80\n * docs: fix header level for --dump option section\n * docs: use stringArray as parameter type\n * docs: use consistent markdown heading syntax\n * imagekit: remove server side Copy method as it was downloading and uploading\n * imagekit: don\u0027t low level retry uploads\n * imagekit: return correct error when attempting to upload zero length files\n * smb: add --smb-kerberos-ccache option to set kerberos ccache per smb backend\n * test: fix smb kerberos integration tests\n * Changelog updates from Version v1.70.3\n * config: make parsing of duration options consistent\n * docs: cleanup usage\n * docs: break long lines\n * docs: add option value type to header where missing\n * docs: mention that identifiers in option values are case insensitive\n * docs: rewrite dump option examples\n * docs: use markdown inline code format for dump option headers 
that are real examples\n * docs: change spelling from server side to server-side\n * docs: cleanup header casing\n * docs: rename OSX to macOS\n * docs: fix list and code block issue\n * docs: consistent markdown list format\n * docs: split section with general description of options with that documenting actual main options\n * docs: improve description of option types\n * docs: use space instead of equal sign to separate option and value in headers\n * docs: use comma to separate short and long option format in headers\n * docs: remove use of uncommon parameter types\n * docs: remove use of parameter type FILE\n * docs: remove use of parameter type DIR\n * docs: remove use of parameter type CONFIG_FILE\n * docs: change use of parameter type N and NUMBER to int consistent with flags and cli help\n * docs: change use of parameter type TIME to Duration consistent with flags and cli help\n * docs: change use of parameter type BANDWIDTH_SPEC to BwTimetable consistent with flags and cli help\n * docs: change use of parameter type SIZE to SizeSuffix consistent with flags and cli help\n * docs: cleanup markdown header format\n * docs: explain separated list parameters\n * azureblob: fix server side copy error \"requires exactly one scope\"\n * test: remove and ignore failing integration tests\n * docs: explain the json log format in more detail\n * check: fix difference report (was reporting error counts)\n * serve sftp: add support for more hashes (crc32, sha256, blake3, xxh3, xxh128)\n * serve sftp: extract function refactoring for handling hashsum commands\n * sftp: add support for more hashes (crc32, sha256, blake3, xxh3, xxh128)\n * local: configurable supported hashes\n * hash: add support for BLAKE3, XXH3, XXH128\n * vfs: make integration TestDirEntryModTimeInvalidation test more reliable\n * smb: skip non integration tests when doing integration tests\n * seafile: fix integration test errors by adding dot to encoding\n * linkbox: fix upload error \"user upload 
file not exist\"\n * build: remove integration tests which are too slow\n * march: fix deadlock when using --no-traverse - fixes #8656\n * pikpak: improve error handling for missing links and unrecoverable 500s\n * pikpak: rewrite upload to bypass AWS S3 manager - fixes #8629\n * test: fix TestSMBKerberos password expiring errors\n * Add Vikas Bhansali to contributors\n * Add Ross Smith II to contributors\n * azureblob,azurefiles: add support for client assertion based authentication\n * webdav: fix setting modtime to that of local object instead of remote\n * build: set default shell to bash in build.yml\n * docs: fix filescom/filelu link mixup\n * Add Davide Bizzarri to contributors\n * fix: b2 versionAt read metadata\n * test: make TestWebdavInfiniteScale startup more reliable\n * test_all: add _connect_delay for slow starting servers\n * docs: update link for filescom\n * test_all: make TestWebdav InfiniteScale integration tests run\n * test_all: make SMB with Kerberos integration tests run properly\n * test_all: allow an env parameter to set environment variables\n * Changelog updates from Version v1.70.2\n * Add Ali Zein Yousuf to contributors\n * Add $@M@RTH_ to contributors\n * docs: update client ID instructions to current Azure AD portal - fixes #8027\n * s3: add Zata provider\n * pacer: fix nil pointer deref in RetryError - fixes #8077\n * docs: Remove Warp as a sponsor\n * docs: add files.com as a Gold sponsor\n * docs: add links to SecureBuild docker image\n * Add curlwget to contributors\n * convmv: fix moving to unicode-equivalent name - fixes #8634\n * transform: add truncate_keep_extension and truncate_bytes\n * convmv: make --dry-run logs less noisy\n * sync: avoid copying dir metadata to itself\n * docs: fix some function names in comments\n * combine: fix directory not found errors with ListP interface - Fixes #8627\n * local: fix --skip-links on Windows when skipping Junction points\n * Add Marvin Rsch to contributors\n * build: bump 
github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 to fix GHSA-vrw8-fxc6-2r93\n * copy,copyto,move,moveto: implement logger flags to store result of sync\n * log: fix deadlock when using systemd logging - fixes #8621\n * docs: googlephotos: detail how to make your own client_id - fixes #8622\n * Add necaran to contributors\n * mega: fix tls handshake failure - fixes #8565\n * Changelog updates from Version v1.70.1\n * Add jinjingroad to contributors\n * docs: DOI grammar error\n * docs: lib/transform: cleanup formatting\n * lib/transform: avoid empty charmap entry\n * chore: fix function name\n * convmv: fix spurious \"error running command echo\" on Windows\n * docs: client-credentials is not supported by all backends\n * Start v1.71.0-DEV development\n\n- Update to version 1.70.3:\n * Version v1.70.3\n * azureblob: fix server side copy error \"requires exactly one scope\"\n * docs: explain the json log format in more detail\n * check: fix difference report (was reporting error counts)\n * linkbox: fix upload error \"user upload file not exist\"\n * march: fix deadlock when using --no-traverse - fixes #8656\n * pikpak: improve error handling for missing links and unrecoverable 500s\n * webdav: fix setting modtime to that of local object instead of remote\n * fix: b2 versionAt read metadata\n * Start v1.70.3-DEV development\n * docs: fix filescom/filelu link mixup\n * docs: update link for filescom\n\n- Update to version 1.70.2:\n * Version v1.70.2\n * docs: update client ID instructions to current Azure AD portal - fixes #8027\n * mega: fix tls handshake failure - fixes #8565\n * pacer: fix nil pointer deref in RetryError - fixes #8077\n * convmv: fix moving to unicode-equivalent name - fixes #8634\n * convmv: make --dry-run logs less noisy\n * sync: avoid copying dir metadata to itself\n * combine: fix directory not found errors with ListP interface - Fixes #8627\n * local: fix --skip-links on Windows when skipping Junction points\n * build: bump github.com/go-chi/chi/v5 
from 5.2.1 to 5.2.2 to fix GHSA-vrw8-fxc6-2r93\n * log: fix deadlock when using systemd logging - fixes #8621\n * docs: googlephotos: detail how to make your own client_id - fixes #8622\n * pikpak: fix uploads fail with \"aws-chunked encoding is not supported\" error\n * Start v1.70.2-DEV development\n * docs: Remove Warp as a sponsor\n * docs: add files.com as a Gold sponsor\n * docs: add links to SecureBuild docker image\n\n- Update to version 1.70.1:\n * Version v1.70.1\n * docs: DOI grammar error\n * docs: lib/transform: cleanup formatting\n * lib/transform: avoid empty charmap entry\n * chore: fix function name\n * convmv: fix spurious \"error running command echo\" on Windows\n * docs: client-credentials is not supported by all backends\n * Start v1.70.1-DEV development\n\n- Update to version 1.70.0:\n * Version v1.70.0\n * ftp: add --ftp-http-proxy to connect via HTTP CONNECT proxy\n * pcloud: fix \"Access denied. You do not have permissions to perform this operation\" on large uploads\n * operations: fix TransformFile when can\u0027t server-side copy/move\n * fstest: fix -verbose flag after logging revamp\n * googlecloudstorage: fix directory marker after // changes in #5858\n * s3: fix directory marker after // changes in #5858\n * azureblob: fix directory marker after // changes in #5858\n * tests: ignore some more habitually failing tests\n * googlephotos: fix typo in error message - Fixes #8600\n * s3: MEGA S4 support\n * Add Ser-Bul to contributors\n * chunker: fix double-transform\n * docs: mailru: added note about permissions level choice for the apps password\n * tests: ignore habitually failing tests and backends\n * docs: link to asciinema rather than including the js\n * docs: target=\"_blank\" must have rel=\"noopener\"\n * sync: fix testLoggerVsLsf when dst is local\n * docs: fix FileLu docs\n * build: update all dependencies\n * onedrive: fix crash if no metadata was updated\n * Add kingston125 to contributors\n * Add Flora Thiebaut to 
contributors\n * Add FileLu cloud storage backend\n * doi: add new doi backend\n * build: fix check_autogenerated_edits.py flagging up files that didn\u0027t exist\n * docs: rc: add more info on how to discover _config and _filter parameters #8584\n * s3: add Exaba provider\n * convmv: add convmv command\n * lib/transform: add transform library and --name-transform flag\n * march: split src and dst\n * Add ahxxm to contributors\n * Add Nathanael Demacon to contributors\n * b2: use file id from listing when not presented in headers - fixes #8113\n * fs: fix goroutine leak and improve stats accounting process\n * march: fix syncing with a duplicate file and directory\n * Add PrathameshLakawade to contributors\n * Add Oleksiy Stashok to contributors\n * docs: fix page_facing_up typo next to Lyve Cloud in README.md\n * backend/s3: require custom endpoint for Lyve Cloud v2 support\n * backend: skip hash calculation when the hashType is None - fixes #8518\n * azureblob: fix multipart server side copies of 0 sized files\n * Add Jeremy Daer to contributors\n * Add wbulot to contributors\n * s3: add Pure Storage FlashBlade provider support (#8575)\n * backend/gofile: update to use new direct upload endpoint\n * log: add --windows-event-log-level to support Windows Event Log\n * fs: Remove github.com/sirupsen/logrus and replace with log/slog\n * Add fhuber to contributors\n * cmd serve s3: fix ListObjectsV2 response\n * Changelog updates from Version v1.69.3\n * onedrive: re-add --onedrive-upload-cutoff flag\n * onedrive: fix \"The upload session was not found\" errors\n * Add Germn Casares to contributors\n * Add Jeff Geerling to contributors\n * googlephotos: update read only and read write scopes to meet Google\u0027s requirements.\n * build: update github.com/ebitengine/purego to v0.8.3 to fix mac_amd64 build\n * docs: add hint about config touch and config file not found\n * docs: add FAQ for dismissing \u0027rclone.conf not found\u0027\n * docs: document how to keep an 
out of tree backend\n * Add Clment Wehrung to contributors\n * iclouddrive: fix panic and files potentially downloaded twice\n * docs: move --max-connections documentation to the correct place\n * Add Ben Boeckel to contributors\n * Add Tho Neyugn to contributors\n * docs: fix typo in s3/storj docs\n * serve s3: remove redundant handler initialization\n * Changelog updates from Version 1.69.2\n * sftp: add --sftp-http-proxy to connect via HTTP CONNECT proxy\n * Add Jugal Kishore to contributors\n * docs: correct SSL docs anchor link from #ssl-tls to #tls-ssl\n * drive: metadata: fix error when setting copy-requires-writer-permission on a folder\n * docs: Update contributors\n * build: bump golang.org/x/net from 0.36.0 to 0.38.0\n * Update README.md\n * docs: fix typos via codespell\n * webdav: add an ownCloud Infinite Scale vendor that enables tus chunked upload support\n * onedrive: fix metadata ordering in permissions\n * Add Ben Alex to contributors\n * Add simwai to contributors\n * iclouddrive: fix so created files are writable\n * cmd/authorize: show required arguments in help text\n * cloudinary: var naming convention - #8416\n * cloudinary: automatically add/remove known media files extensions #8416\n * Add Markus Gerstel to contributors\n * Add Enduriel to contributors\n * Add huanghaojun to contributors\n * Add simonmcnair to contributors\n * Add Samantha Bowen to contributors\n * s3: documentation regression - fixes #8438\n * hash: add SHA512 support for file hashes\n * vfs: fix inefficient directory caching when directory reads are slow\n * docs: update fuse version in docker docs\n * fs/config: Read configuration passwords from stdin even when terminated with EOF - fixes #8480\n * cmd/gitannex: Reject unknown layout modes in INITREMOTE\n * cmd/gitannex: Add configparse.go and refactor\n * cmd/gitannex: Permit remotes with options\n * serve ftp: add serve rc interface\n * serve sftp: add serve rc interface\n * serve restic: add serve rc interface\n * 
serve s3: add serve rc interface\n * serve dlna: add serve rc interface\n * serve webdav: add serve rc interface - fixes #4505\n * serve http: add serve rc interface\n * serve nfs: add serve rc interface\n * serve: Add rc control for serve commands #4505\n * configstruct: add SetAny to parse config from the rc\n * rc: In options/info make FieldName contain a \".\" if it should be nested\n * serve restic: convert options to new style\n * serve s3: convert options to new style\n * serve http: convert options to new style\n * serve webdav: convert options to new style\n * auth proxy: convert options to new style\n * auth proxy: add VFS options parameter for use for default VFS\n * serve: make the servers self registering\n * lib/http: fix race between Serve() and Shutdown()\n * lib/http: add Addr() method to return the first configured server address\n * Add Danny Garside to contributors\n * docs: fix minor typo in box docs\n * sync: implement --list-cutoff to allow on disk sorting for reduced memory use\n * march: Implement callback based syncing\n * list: add ListDirSortedFn for callback oriented directory listing\n * list: Implement Sorter to sort directory entries\n * cache: mark ListP as not supported yet\n * hasher: implement ListP interface\n * compress: implement ListP interface\n * chunker: mark ListP as not supported yet\n * union: mark ListP as not supported yet\n * crypt: implement ListP interface\n * combine: implement ListP interface\n * s3: Implement paged listing interface ListP\n * list: add WithListP helper to implement List for ListP backends\n * walk: move NewListRHelper into list.Helper to avoid circular dependency\n * fs: define ListP interface for paged listing #4788\n * accounting: Add listed stat for number of directory entries listed\n * walk: factor Listing helpers into their own file and add tests\n * serve nfs: make metadata files have special file handles\n * serve nfs: change the format of --nfs-cache-type symlink file handles\n * vfs: 
add --vfs-metadata-extension to expose metadata sidecar files\n * docs: Add rcloneui.com as Silver Sponsor\n * Add Klaas Freitag to contributors\n * Add eccoisle to contributors\n * Add Fernando Fernndez to contributors\n * Add alingse to contributors\n * Add Jrn Friedrich Dreyer to contributors\n * docs: replace option --auto-filename-header with --header-filename\n * build: update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix CVE-2025-30204\n * docs/googlephotos: fix typos\n * build: bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2\n * operations: fix call fmt.Errorf with wrong err\n * webdav: retry propfind on 425 status\n * Add --max-connections to control maximum backend concurrency\n * rc: fix debug/* commands not being available over unix sockets\n * cmd/gitannex: Prevent tests from hanging when assertion fails\n * cmd/gitannex: Add explicit timeout for mock stdout reads in tests\n * http: correct root if definitely pointing to a file - fixes #8428\n * pool: add --max-buffer-memory to limit total buffer memory usage\n * filter: Add `--hash-filter` to deterministically select a subset of files\n * build: update golang.org/x/net to 0.36.0. 
to fix CVE-2025-22869\n * rc: add short parameter to core/stats to not return transferring and checking\n * fs: fix corruption of SizeSuffix with \"B\" suffix in config (eg --min-size)\n * filters: show --min-size and --max-size in --dump filters\n * build: check docs for edits of autogenerated sections\n * Add jack to contributors\n * docs: fix incorrect mentions of vfs-cache-min-free-size\n * fs/object: fix memory object out of bounds Seek\n * serve nfs: fix unlikely crash\n * docs: update minimum OS requirements for go1.24\n * cmd/gitannex: Tweak parsing of \"rcloneremotename\" config\n * cmd/gitannex: Drop var rebindings now that we have go1.23\n * docs: add note for using rclone cat for slicing out a byte range from a file\n * rcserver: improve content-type check\n * build: modernize Go usage\n * build: update all dependencies and fix deprecations\n * build: update golang.org/x/crypto to v0.35.0 to fix CVE-2025-22869\n * build: make go1.23 the minimum go version\n * cmd/gitannex: Add to integration tests\n * cmd/gitannex: Simplify verbose failures in tests\n * cmd/gitannex: Port unit tests to fstest\n * vfs: fix integration test failures\n * azureblob: fix errors not being retried when doing single part copy\n * azureblob: handle retry error codes more carefully\n * touch: make touch obey --transfers\n * Add luzpaz to contributors\n * Add Dave Vasilevsky to contributors\n * docs: fix various typos Found via\n * dropbox: Retry link without expiry\n * Dropbox: Support Dropbox Paper\n * chore: update contributor email\n * docs: correct stable release workflow\n * Add Lorenz Brun to contributors\n * Add Michael Kebe to contributors\n * vfs: fix directory cache serving stale data\n * build: fix docker plugin build - fixes #8394\n * docs: improved sftp limitations\n * Changelog updates from Version v1.69.1\n * docs: add FileLu as sponsors and tidy sponsor logos\n * accounting: fix percentDiff calculation -- fixes #8345\n * vfs: fix the cache failing to upload 
symlinks when --links was specified\n * Add jbagwell-akamai to contributors\n * Add ll3006 to contributors\n * doc: add note on concurrency of rclone purge\n * s3: add latest Linode Object Storage endpoints\n * cmd: fix crash if rclone is invoked without any arguments - Fixes #8378\n * build: disable docker builds on PRs \u0026 add missing dockerfile changes\n * sync: copy dir modtimes even when copyEmptySrcDirs is false - fixes #8317\n * sync: add tests to check dir modtimes are kept when syncing\n * fix golangci-lint errors\n * bisync: fix false positive on integration tests\n * s3: split the GCS quirks into -s3-use-x-id and -s3-sign-accept-encoding #8373\n * Add Joel K Biju to contributors\n * stats: fix the speed not getting updated after a pause in the processing\n * opendrive: added --opendrive-access flag to handle permissions\n * bisync: fix listings missing concurrent modifications - fixes #8359\n * Added parallel docker builds and caching for go build in the container\n * smb: improve connection pooling efficiency\n * lib/oauthutil: fix redirect URL mismatch errors - fixes #8351\n * b2: fix \"fatal error: concurrent map writes\" - fixes #8355\n * Add Alexander Minbaev to contributors\n * Add Zachary Vorhies to contributors\n * Add Jess to contributors\n * s3: add IBM IAM signer - fixes #7617\n * serve nfs: update docs to note Windows is not supported - fixes #8352\n * cmd/config(update remote): introduce --no-output option\n * s3: add DigitalOcean regions SFO2, LON1, TOR1, BLR1\n * sync: fix cpu spinning when empty directory finding with leading slashes\n * s3: fix handling of objects with // in #5858\n * azureblob: fix handling of objects with // in #5858\n * fstest: add integration tests objects with // on bucket based backends #5858\n * fs/list: tweak directory listing assertions after allowing // names\n * lib/bucket: fix tidying of // in object keys #5858\n * lib/bucket: add IsAllSlashes function\n * azureblob: remove uncommitted blocks on 
InvalidBlobOrBlock error\n * azureblob: implement multipart server side copy\n * azureblob: speed up server side copies for small files #8249\n * azureblob: cleanup uncommitted blocks on upload errors\n * azureblob: factor readMetaData into readMetaDataAlways returning blob properties\n * Add b-wimmer to contributors\n * azurefiles: add --azurefiles-use-az and --azurefiles-disable-instance-discovery\n * onedrive: mark German (de) region as deprecated\n * Add Trevor Starick to contributors\n * Add hiddenmarten to contributors\n * Add Corentin Barreau to contributors\n * Add Bruno Fernandes to contributors\n * Add Moises Lima to contributors\n * Add izouxv to contributors\n * Add Robin Schneider to contributors\n * Add Tim White to contributors\n * Add Christoph Berger to contributors\n * azureblob: add support for `x-ms-tags` header\n * rc: disable the metrics server when running `rclone rc`\n * internetarchive: add --internetarchive-metadata=\"key=value\" for setting item metadata\n * lib/batcher: Deprecate unused option: batch_commit_timeout\n * s3: Added new storage class to magalu provider\n * http servers: add --user-from-header to use for authentication\n * b2: add SkipDestructive handling to backend commands - fixes #8194\n * vfs: close the change notify channel on Shutdown\n * Docker image: Add label org.opencontainers.image.source for release notes in Renovate dependency updates\n * docs: add OneDrive Impersonate instructions - fixes #5610\n * docs: explain the stringArray flag parameter descriptor\n * iclouddrive: add notes on ADP and Missing PCS cookies - fixes #8310\n * docs: fix typos found by codespell in docs and code comments\n * fs: fix confusing \"didn\u0027t find section in config file\" error\n * vfs: fix race detected by race detector\n * Add Jonathan Giannuzzi to contributors\n * Add Spencer McCullough to contributors\n * Add Matt Ickstadt to contributors\n * smb: add support for kerberos authentication\n * drive: added `backend moveid` 
command\n * docs: fix reference to serves3 setting disable_multipart_uploads which was renamed\n * docs: fix link to Rclone Serve S3\n * serve s3: fix list objects encoding-type\n * build: update gopkg.in/yaml.v2 to v3\n * build: update all dependencies\n * bisync: fix go vet problems with go1.24\n * build: update to go1.24rc1 and make go1.22 the minimum required version\n * version: add --deps flag to show dependencies and other build info\n * doc: make man page well formed for whatis - fixes #7430\n * Start v1.70.0-DEV development\n\n- Install completion files in the right place.\n\n- Update to version 1.69.3:\n * build: update github.com/ebitengine/purego to work around bug in go1.24.3\n * build: reapply update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix CVE-2025-30204\n\n- Update to version 1.69.2:\n - Bug fixes\n - accounting: Fix percentDiff calculation -- (Anagh Kumar\n Baranwal)\n - build\n - Update github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 to\n fix CVE-2025-30204 (dependabot[bot])\n - Update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to\n fix CVE-2025-30204 (dependabot[bot])\n - Update golang.org/x/crypto to v0.35.0 to fix CVE-2025-22869\n (Nick Craig-Wood)\n - Update golang.org/x/net from 0.36.0 to 0.38.0 to fix\n CVE-2025-22870 (dependabot[bot])\n - Update golang.org/x/net to 0.36.0. 
to fix CVE-2025-22869\n (dependabot[bot])\n - Stop building with go \u003c go1.23 as security updates forbade\n it (Nick Craig-Wood)\n - Fix docker plugin build (Anagh Kumar Baranwal)\n - cmd: Fix crash if rclone is invoked without any arguments\n (Janne Hellsten)\n - config: Read configuration passwords from stdin even when\n terminated with EOF (Samantha Bowen)\n - doc fixes (Andrew Kreimer, Danny Garside, eccoisle, Ed\n Craig-Wood, emyarod, jack, Jugal Kishore, Markus Gerstel,\n Michael Kebe, Nick Craig-Wood, simonmcnair, simwai, Zachary\n Vorhies)\n - fs: Fix corruption of SizeSuffix with \"B\" suffix in config\n (eg --min-size) (Nick Craig-Wood)\n - lib/http: Fix race between Serve() and Shutdown() (Nick\n Craig-Wood)\n - object: Fix memory object out of bounds Seek (Nick\n Craig-Wood)\n - operations: Fix call fmt.Errorf with wrong err (alingse)\n - rc\n - Disable the metrics server when running rclone rc\n (hiddenmarten)\n - Fix debug/* commands not being available over unix sockets\n (Nick Craig-Wood)\n - serve nfs: Fix unlikely crash (Nick Craig-Wood)\n - stats: Fix the speed not getting updated after a pause in the\n processing (Anagh Kumar Baranwal)\n - sync\n - Fix cpu spinning when empty directory finding with leading\n slashes (Nick Craig-Wood)\n - Copy dir modtimes even when copyEmptySrcDirs is false\n (ll3006)\n - vfs\n - Fix directory cache serving stale data (Lorenz Brun)\n - Fix inefficient directory caching when directory reads are\n slow (huanghaojun)\n - Fix integration test failures (Nick Craig-Wood)\n - Drive\n - Metadata: fix error when setting\n copy-requires-writer-permission on a folder (Nick Craig-Wood)\n - Dropbox\n - Retry link without expiry (Dave Vasilevsky)\n - HTTP\n - Correct root if definitely pointing to a file (nielash)\n - Iclouddrive\n - Fix so created files are writable (Ben Alex)\n - Onedrive\n - Fix metadata ordering in permissions (Nick Craig-Wood)\n\n- Update to version 1.69.1:\n * Version v1.69.1\n * build: disable 
docker builds on PRs \u0026 add missing dockerfile changes\n * Added parallel docker builds and caching for go build in the container\n * docs: add FileLu as sponsors and tidy sponsor logos\n * vfs: fix the cache failing to upload symlinks when --links was specified\n * doc: add note on concurrency of rclone purge\n * s3: add latest Linode Object Storage endpoints\n * fix golangci-lint errors\n * bisync: fix listings missing concurrent modifications - fixes #8359\n * lib/oauthutil: fix redirect URL mismatch errors - fixes #8351\n * b2: fix \"fatal error: concurrent map writes\" - fixes #8355\n * serve nfs: update docs to note Windows is not supported - fixes #8352\n * s3: add DigitalOcean regions SFO2, LON1, TOR1, BLR1\n * onedrive: mark German (de) region as deprecated\n * s3: Added new storage class to magalu provider\n * vfs: close the change notify channel on Shutdown\n * docs: add OneDrive Impersonate instructions - fixes #5610\n * docs: explain the stringArray flag parameter descriptor\n * iclouddrive: add notes on ADP and Missing PCS cookies - fixes #8310\n * docs: fix typos found by codespell in docs and code comments\n * fs: fix confusing \"didn\u0027t find section in config file\" error\n * vfs: fix race detected by race detector\n * docs: fix reference to serves3 setting disable_multipart_uploads which was renamed\n * docs: fix link to Rclone Serve S3\n * serve s3: fix list objects encoding-type\n * doc: make man page well formed for whatis - fixes #7430\n * Start v1.69.1-DEV development\n\n- Update to version 1.69.0:\n https://rclone.org/changelog/#v1-69-0-2025-01-12\n\n Rclone is using golang.org/x/net but was not affected to\n CVE-2024-45337 and CVE-2024-45338.\n\n * Version v1.69.0\n * test_all: disable docker plugin tests\n * docs: fix typo\n * accounting: fix race stopping/starting the stats counter\n * docs: add github.com/icholy/gomajor to RELEASE for updating major versions\n * ftp: fix ls commands returning empty on \"Microsoft FTP Service\" 
servers\n * s3: add docs on data integrity\n * webdav: make --webdav-auth-redirect to fix 401 unauthorized on redirect\n * rest: make auth preserving redirects an option\n * box: fix panic when decoding corrupted PEM from JWT file\n * size: make output compatible with -P\n * vfs: add remote name to vfs cache log messages - fixes #7952\n * dropbox: fix return status when full to be fatal error\n * rc: add relative to vfs/queue-set-expiry\n * vfs: fix open files disappearing from directory listings\n * docker serve: parse all remaining mount and VFS options\n * smb: fix panic if stat fails\n * googlephotos: fix nil pointer crash on upload - fixes #8233\n * iclouddrive: tweak docs\n * serve dlna: sort the directory entries by directories first then alphabetically by name\n * serve nfs: fix missing inode numbers which was messing up ls -laR\n * serve nfs: implement --nfs-cache-type symlink\n * azureblob,oracleobjectstorage,s3: quit multipart uploads if the context is cancelled\n * http: fix incorrect URLs with initial slash\n * build: update `github.com/shirou/gopsutil` to v4\n * Replace Windows-specific NewLazyDLL with NewLazySystemDLL\n * lib/oauthutil: don\u0027t require token to exist for client credentials flow\n * fs/operations: make log messages consistent for mkdir/rmdir at INFO level\n * Add Francesco Frassinelli to contributors\n * smb: Add support for Kerberos authentication.\n * docs: smb: link to CloudSoda/go-smb2 fork\n * cloudinary: add cloudinary backend - fixes #7989\n * operations: fix eventual consistency in TestParseSumFile test\n * Add TAKEI Yuya to contributors\n * docs: Remove Backblaze as a Platinum sponsor\n * docs: add RcloneView as silver sponsor\n * serve docker: fix incorrect GID assignment\n * serve s3: fix Last-Modified timestamp\n * Add ToM to contributors\n * Add Henry Lee to contributors\n * Add Louis Laureys to contributors\n * docs: filtering: mention feeding --files-from from standard input\n * docs: filtering: fix --include-from 
copypaste error\n * s3: rename glacier storage class to flexible retrieval\n * b2: add daysFromStartingToCancelingUnfinishedLargeFiles to backend lifecycle command\n * build: update golang.org/x/net to v0.33.0 to fix CVE-2024-45338\n * azurefiles: fix missing x-ms-file-request-intent header\n * Add Thomas ten Cate to contributors\n * docs: Document --url and --unix-socket on the rc page\n * docs: link to the outstanding vfs symlinks issue\n * Add Yxxx to contributors\n * Add hayden.pan to contributors\n * docs: update pcloud doc to avoid puzzling token error when use remote rclone authorize\n * pikpak: add option to use original file links - fixes #8246\n * rc/job: use mutex for adding listeners thread safety\n * docs: mention in serve tls options when value is path to file - fixes #8232\n * build: update all dependencies\n * accounting: fix debug printing when debug wasn\u0027t set\n * Add Filipe Azevedo to contributors\n * fs: make --links flag global and add new --local-links and --vfs-links flag\n * vfs: add docs for -l/--links flag\n * nfsmount,serve nfs: introduce symlink support #2975\n * mount2: introduce symlink support #2975\n * mount: introduce symlink support #2975\n * cmount: introduce symlink support #2975\n * vfstest: make VFS test suite support symlinks\n * vfs: add symlink support to VFS\n * vfs: add ELOOP error\n * vfs: Add link permissions\n * vfs: Add VFS --links command line switch\n * vfs: add vfs.WriteFile to match os.WriteFile\n * fs: Move link suffix to fs\n * cmount: fix problems noticed by linter\n * mount2: Fix missing . and .. 
entries\n * sftp: fix nil check when using auth proxy\n * Add Martin Hassack to contributors\n * serve sftp: resolve CVE-2024-45337\n * googlecloudstorage: typo fix in docs\n * onedrive: add support for OAuth client credential flow - fixes #6197\n * lib/oauthutil: add support for OAuth client credential flow\n * lib/oauthutil: return error messages from the oauth process better\n * bin/test_backend_sizes.py fix compile flags and s3 reporting\n * test makefiles: add --flat flag for making directories with many entries\n * Add divinity76 to contributors\n * Add Ilias Ozgur Can Leonard to contributors\n * Add remygrandin to contributors\n * Add Michael R. Davis to contributors\n * cmd/mountlib: better snap mount error message\n * vfs: with --vfs-used-is-size value is calculated and then thrown away - fixes #8220\n * serve sftp: fix loading of authorized keys file with comment on last line - fixes #8227\n * oracleobjectstorage: make specifying compartmentid optional\n * plcoud: fix failing large file uploads - fixes #8147\n * docs: add docker volume plugin troubleshooting steps\n * docs: fix missing `state` parameter in `/auth` link in instructions\n * build: fix build failure on ubuntu\n * docs: upgrade fontawesome to v6\n * s3: fix multitenant multipart uploads with CEPH\n * Add David Seifert to contributors\n * Add vintagefuture to contributors\n * use better docs\n * googlecloudstorage: update docs on service account access tokens\n * test_all: POSIX head/tail invocations\n * icloud: Added note about app specific password not working\n * s3: fix download of compressed files from Cloudflare R2 - fixes #8137\n * s3: fix testing tiers which don\u0027t exist except on AWS\n * Changelog updates from Version v1.68.2\n * local: fix permission and ownership on symlinks with --links and --metadata\n * Revert \"Merge commit from fork\"\n * Add Dimitrios Slamaris to contributors\n * Merge commit from fork\n * onedrive: fix integration tests after precision change\n * 
operations: fix TestRemoveExisting on crypt backends by shortening the file name\n * bisync: fix output capture restoring the wrong output for logrus\n * serve sftp: update github.com/pkg/sftp to v1.13.7 and fix deadlock in tests\n * build: fix comments after golangci-lint upgrade\n * build: update all dependencies\n * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1\n * pikpak: fix fatal crash on startup with token that can\u0027t be refreshed\n * yandex: fix server side copying over existing object\n * sugarsync: fix server side copying over existing object\n * putio: fix server side copying over existing object\n * onedrive: fix server side copying over existing object\n * dropbox: fix server side copying over existing object\n * operations: add RemoveExisting to safely remove an existing file\n * gofile: fix server side copying over existing object\n * test_all: try to fix mailru rate limits in integration tests\n * Add shenpengfeng to contributors\n * Add Dimitar Ivanov to contributors\n * docs: fix function name in comment\n * sftp: allow inline ssh public certificate for sftp\n * serve s3: fix excess locking which was making serve s3 single threaded\n * lib/oauthutil: allow the browser opening function to be overridden\n * Add Moises Lima to contributors\n * lib/http: disable automatic authentication skipping for unix sockets\n * onedrive: fix Retry-After handling to look at 503 errors also\n * s3: Storj provider: fix server-side copy of files bigger than 5GB\n * s3: add Selectel as a provider\n * fs: fix Don\u0027t know how to set key \"chunkSize\" on upload errors in tests\n * drive: implement rclone backend rescue to rescue orphaned files\n * Add tgfisher to contributors\n * Add Diego Monti to contributors\n * Add Randy Bush to contributors\n * Add Alexandre Hamez to contributors\n * Add Simon Bos to contributors\n * docs: mention that inline comments are not supported in a filter-file\n * s3: add Wasabi eu-south-1 region\n * docs: fix 
forward refs in step 9 of using your own client id\n * docs: fix Scaleway Glacier website URL\n * dlna: fix loggingResponseWriter disregarding log level\n * build: remove required property on boolean inputs\n * build: use inputs context in github workflow\n * s3: fix crash when using --s3-download-url after migration to SDKv2\n * docs: update overview to show pcloud can set modtime\n * Add Andr Tran to contributors\n * Add Matthias Gatto to contributors\n * Add lostb1t to contributors\n * Add Noam Ross to contributors\n * Add Benjamin Legrand to contributors\n * s3: add Outscale provider\n * Add ICloud Drive backend\n * drive: add support for markdown format\n * accounting: fix global error acounting\n * onedrive: fix time precision for OneDrive personal\n * Add RcloneView as a sponsor\n * Add Leandro Piccilli to contributors\n * cache: skip bisync tests\n * bisync: allow blank hashes on tests\n * box: fix server-side copying a file over existing dst - fixes #3511\n * sync: add tests for copying/moving a file over itself\n * fs/cache: fix parent not getting pinned when remote is a file\n * gcs: add access token auth with --gcs-access-token\n * accounting: write the current bwlimit to the log on SIGUSR2\n * accounting: fix wrong message on SIGUSR2 to enable/disable bwlimit\n * gphotos: implment --gphotos-proxy to allow download of full resolution media\n * googlephotos: remove noisy debugging statements\n * docs: add note to CONTRIBUTING that the overview needs editing in 2 places\n * test_all: add ignoretests parameter for skipping certain tests\n * build: replace \"golang.org/x/exp/slices\" with \"slices\" now go1.21 is required\n * Changelog updates from Version v1.68.1\n * Makefile: Fail when doc recipes create dir named \u0027$HOME\u0027\n * Makefile: Prevent `doc` recipe from creating dir named \u0027$HOME\u0027\n * pikpak: fix cid/gcid calculations for fs.OverrideRemote\n * bisync: change exit code from 2 to 7 for critically aborted run\n * cmd: change exit 
code from 1 to 2 for syntax and usage errors\n * local: fix --copy-links on macOS when cloning\n * azureblob: add --azureblob-use-az to force the use of the Azure CLI for auth\n * azureblob: add --azureblob-disable-instance-discovery\n * s3: add initial --s3-directory-bucket to support AWS Directory Buckets\n * Add Lawrence Murray to contributors\n * backend/protondrive: improve performance of Proton Drive backend\n * ftp: implement --ftp-no-check-upload to allow upload to write only dirs\n * docs: document that fusermount3 may be needed when mounting/unmounting\n * Add rishi.sridhar to contributors\n * Add quiescens to contributors\n * docs/zoho: update options\n * zoho: make upload cutoff configurable\n * zoho: add support for private spaces\n * zoho: try to handle rate limits a bit better\n * zoho: print clear error message when missing oauth scope\n * zoho: switch to large file upload API for larger files, fix missing URL encoding of filenames for the upload API\n * zoho: use download server to accelerate downloads\n * opendrive: add about support to backend\n * pikpak: fix login issue where token retrieval fails\n * webdav: nextcloud: implement backoff and retry for 423 LOCKED errors\n * s3: fix rclone ignoring static credentials when env_auth=true\n * fs: fix setting stringArray config values from environment variables\n * rc: fix default value of --metrics-addr\n * fs: fix --dump filters not always appearing\n * docs: correct notes on docker manual build\n * Add ttionya to contributors\n * build: fix docker release build - fixes #8062\n * docs: add section for improving performance for s3\n * onedrive: fix spurious \"Couldn\u0027t decode error response: EOF\" DEBUG\n * Add Divyam to contributors\n * serve docker: add missing vfs-read-chunk-streams option in docker volume driver\n * Start v1.69.0-DEV development\n\n- Update to version 1.68.2:\n * Version v1.68.2\n * s3: fix multitenant multipart uploads with CEPH\n * local: fix permission and ownership on 
symlinks with --links and --metadata\n CVE-2024-52522 boo#1233422\n * bisync: fix output capture restoring the wrong output for logrus\n * build: fix comments after golangci-lint upgrade\n * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1\n * pikpak: fix fatal crash on startup with token that can\u0027t be refreshed\n * serve s3: fix excess locking which was making serve s3 single threaded\n * onedrive: fix Retry-After handling to look at 503 errors also\n * s3: Storj provider: fix server-side copy of files bigger than 5GB\n * docs: mention that inline comments are not supported in a filter-file\n * docs: fix forward refs in step 9 of using your own client id\n * docs: fix Scaleway Glacier website URL\n * dlna: fix loggingResponseWriter disregarding log level\n * s3: fix crash when using --s3-download-url after migration to SDKv2\n * docs: update overview to show pcloud can set modtime\n * Add RcloneView as a sponsor\n * accounting: fix wrong message on SIGUSR2 to enable/disable bwlimit\n * pikpak: fix cid/gcid calculations for fs.OverrideRemote\n * local: fix --copy-links on macOS when cloning\n * Start v1.68.2-DEV development\n\n- CVE-2024-51744: updated jwt to v4.5.1 (bsc#1232964).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-213",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20620-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1232964",
"url": "https://bugzilla.suse.com/1232964"
},
{
"category": "self",
"summary": "SUSE Bug 1233422",
"url": "https://bugzilla.suse.com/1233422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-51744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-51744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52522 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52522/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27141 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41176 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41179 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41179/"
}
],
"title": "Security update for rclone",
"tracking": {
"current_release_date": "2026-04-23T16:22:47Z",
"generator": {
"date": "2026-04-23T16:22:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20620-1",
"initial_release_date": "2026-04-23T16:22:47Z",
"revision_history": [
{
"date": "2026-04-23T16:22:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.73.5-bp160.1.1.aarch64",
"product": {
"name": "rclone-1.73.5-bp160.1.1.aarch64",
"product_id": "rclone-1.73.5-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"product": {
"name": "rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"product_id": "rclone-bash-completion-1.73.5-bp160.1.1.noarch"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.73.5-bp160.1.1.noarch",
"product": {
"name": "rclone-zsh-completion-1.73.5-bp160.1.1.noarch",
"product_id": "rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.73.5-bp160.1.1.ppc64le",
"product": {
"name": "rclone-1.73.5-bp160.1.1.ppc64le",
"product_id": "rclone-1.73.5-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.73.5-bp160.1.1.x86_64",
"product": {
"name": "rclone-1.73.5-bp160.1.1.x86_64",
"product_id": "rclone-1.73.5-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.73.5-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64"
},
"product_reference": "rclone-1.73.5-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.73.5-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le"
},
"product_reference": "rclone-1.73.5-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.73.5-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64"
},
"product_reference": "rclone-1.73.5-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.73.5-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch"
},
"product_reference": "rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.73.5-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
},
"product_reference": "rclone-zsh-completion-1.73.5-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. 
Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2024-51744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-51744"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-51744",
"url": "https://www.suse.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "SUSE Bug 1232936 for CVE-2024-51744",
"url": "https://bugzilla.suse.com/1232936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "moderate"
}
],
"title": "CVE-2024-51744"
},
{
"cve": "CVE-2024-52522",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52522"
}
],
"notes": [
{
"category": "general",
"text": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52522",
"url": "https://www.suse.com/security/cve/CVE-2024-52522"
},
{
"category": "external",
"summary": "SUSE Bug 1233422 for CVE-2024-52522",
"url": "https://bugzilla.suse.com/1233422"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "moderate"
}
],
"title": "CVE-2024-52522"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80\" will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
},
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "critical"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-27141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27141"
}
],
"notes": [
{
"category": "general",
"text": "Due to a missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27141",
"url": "https://www.suse.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "SUSE Bug 1259062 for CVE-2026-27141",
"url": "https://bugzilla.suse.com/1259062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "important"
}
],
"title": "CVE-2026-27141"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy that contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-41176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41176"
}
],
"notes": [
{
"category": "general",
"text": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41176",
"url": "https://www.suse.com/security/cve/CVE-2026-41176"
},
{
"category": "external",
"summary": "SUSE Bug 1262438 for CVE-2026-41176",
"url": "https://bugzilla.suse.com/1262438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "moderate"
}
],
"title": "CVE-2026-41176"
},
{
"cve": "CVE-2026-41179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41179"
}
],
"notes": [
{
"category": "general",
"text": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication. Version 1.73.5 patches the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41179",
"url": "https://www.suse.com/security/cve/CVE-2026-41179"
},
{
"category": "external",
"summary": "SUSE Bug 1262439 for CVE-2026-41179",
"url": "https://bugzilla.suse.com/1262439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rclone-1.73.5-bp160.1.1.x86_64",
"openSUSE Leap 16.0:rclone-bash-completion-1.73.5-bp160.1.1.noarch",
"openSUSE Leap 16.0:rclone-zsh-completion-1.73.5-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:22:47Z",
"details": "moderate"
}
],
"title": "CVE-2026-41179"
}
]
}
RHSA-2026:10125
Vulnerability from csaf_redhat - Published: 2026-04-23 12:15 - Updated: 2026-06-27 19:49
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — | Vendor Fix |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — | Vendor Fix, Workaround |
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — | Vendor Fix, Workaround |
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — | Vendor Fix, Workaround |
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — | Vendor Fix, Workaround |
A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — | Vendor Fix, Workaround |
A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — | Vendor Fix, Workaround |
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — | | Vendor Fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.4 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10125",
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33747",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33748",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10125.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.4 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-06-27T19:49:58+00:00",
"generator": {
"date": "2026-06-27T19:49:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:10125",
"initial_release_date": "2026-04-23T12:15:28+00:00",
"revision_history": [
{
"date": "2026-04-23T12:15:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T12:15:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:49:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64",
"product": {
"name": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64",
"product_id": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64",
"product_identification_helper": {
"purl": "pkg:oci/client-server-rhel9@sha256%3A9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1776339099"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
},
"product_reference": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-33747",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T02:01:29.921765+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452076"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "RHBZ#2452076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
}
],
"release_date": "2026-03-27T00:49:06.165000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using untrusted BuildKit frontends. Restrict the use of custom BuildKit frontends to only those from verified and trusted sources. Do not specify untrusted frontends via `#syntax` or `--build-arg BUILDKIT_SYNTAX`.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend"
},
{
"cve": "CVE-2026-33748",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T15:02:00.107493+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452271"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "RHBZ#2452271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://docs.docker.com/build/concepts/context/#url-fragments",
"url": "https://docs.docker.com/build/concepts/context/#url-fragments"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
}
],
"release_date": "2026-03-27T14:00:21.200000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:10158
Vulnerability from csaf_redhat - Published: 2026-04-23 14:13 - Updated: 2026-06-27 19:50
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Workaround
|
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Builds 1.7.2",
"title": "Topic"
},
{
"category": "general",
"text": "Releases of Red Hat OpenShift Builds 1.7.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10158",
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7",
"url": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10158.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2",
"tracking": {
"current_release_date": "2026-06-27T19:50:01+00:00",
"generator": {
"date": "2026-06-27T19:50:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:10158",
"initial_release_date": "2026-04-23T14:13:54+00:00",
"revision_history": [
{
"date": "2026-04-23T14:13:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T14:14:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:50:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Builds 1.7.3",
"product": {
"name": "Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_builds:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Builds"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3Af5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-operator-bundle@sha256%3A093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776937971"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Af2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Aeb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Ab020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Acd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Aec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Af17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Aa4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3Ab39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Ab2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3Ae593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrade to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrade to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrade to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrade to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:10225
Vulnerability from csaf_redhat - Published: 2026-04-23 18:54 - Updated: 2026-06-27 19:50

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — | | Vendor Fix, fix, Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — | | Workaround |

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — | | Vendor Fix, fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — | | |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — | | |

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — | | Vendor Fix, fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — | | |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — | | |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — | | |

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — | | Vendor Fix, fix, Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — | | Workaround |

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — | | Vendor Fix, fix, Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — | | Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.12.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10225",
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-360",
"url": "https://redhat.atlassian.net/browse/WTO-360"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-362",
"url": "https://redhat.atlassian.net/browse/WTO-362"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-365",
"url": "https://redhat.atlassian.net/browse/WTO-365"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-370",
"url": "https://redhat.atlassian.net/browse/WTO-370"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-380",
"url": "https://redhat.atlassian.net/browse/WTO-380"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-385",
"url": "https://redhat.atlassian.net/browse/WTO-385"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-389",
"url": "https://redhat.atlassian.net/browse/WTO-389"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10225.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.12.0 release.",
"tracking": {
"current_release_date": "2026-06-27T19:50:05+00:00",
"generator": {
"date": "2026-06-27T19:50:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:10225",
"initial_release_date": "2026-04-23T18:54:04+00:00",
"revision_history": [
{
"date": "2026-04-23T18:54:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T18:54:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:50:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.12",
"product": {
"name": "Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.12::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3A0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776959849"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3A78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776959828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3A1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776959800"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3A74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776959862"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
}
]
}
RHSA-2026:10250
Vulnerability from csaf_redhat - Published: 2026-04-23 20:17 - Updated: 2026-06-27 19:50
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — | | Vendor Fix (fix), Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — | | Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — | | Vendor Fix (fix) |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — | ||
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — | | Vendor Fix (fix) |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — | | |
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — | | |
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — | | |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — | | Vendor Fix (fix); Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — | | Workaround |
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — | | Vendor Fix (fix); Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — | | Workaround |
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — | | Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.11.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10250",
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-364",
"url": "https://redhat.atlassian.net/browse/WTO-364"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-369",
"url": "https://redhat.atlassian.net/browse/WTO-369"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-374",
"url": "https://redhat.atlassian.net/browse/WTO-374"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-379",
"url": "https://redhat.atlassian.net/browse/WTO-379"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-384",
"url": "https://redhat.atlassian.net/browse/WTO-384"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-387",
"url": "https://redhat.atlassian.net/browse/WTO-387"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10250.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.11.0 release.",
"tracking": {
"current_release_date": "2026-06-27T19:50:05+00:00",
"generator": {
"date": "2026-06-27T19:50:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:10250",
"initial_release_date": "2026-04-23T20:17:23+00:00",
"revision_history": [
{
"date": "2026-04-23T20:17:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T20:17:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:50:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.11",
"product": {
"name": "Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3A3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776966691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3A4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776966690"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3A02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776966665"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3Ada64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776966742"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
}
]
}
RHSA-2026:11331
Vulnerability from csaf_redhat - Published: 2026-04-28 07:19 - Updated: 2026-06-27 19:50
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Builds 1.7.2",
"title": "Topic"
},
{
"category": "general",
"text": "Releases of Red Hat OpenShift Builds 1.7.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11331",
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7",
"url": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11331.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2",
"tracking": {
"current_release_date": "2026-06-27T19:50:10+00:00",
"generator": {
"date": "2026-06-27T19:50:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:11331",
"initial_release_date": "2026-04-28T07:19:47+00:00",
"revision_history": [
{
"date": "2026-04-28T07:19:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-28T07:20:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:50:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Builds 1.7.3",
"product": {
"name": "Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_builds:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Builds"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3Af5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-operator-bundle@sha256%3A093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776937971"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Af2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Aeb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Ab020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Acd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Aec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Af17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Aa4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3Ab39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Ab2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3Ae593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrade to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrade to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrade to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrade to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.