CVE-2026-25679 (GCVE-0-2026-25679)
Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-03-10 13:37
CWE-1286 - Improper Validation of Syntactic Correctness of Input
| Vendor | Product | Version |
|---|---|---|
| Go standard library | net/url | Affected: 0, < 1.25.8 (semver); Affected: 1.26.0-0, < 1.26.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-25679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:36:26.554241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:37:02.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/url",
"product": "net/url",
"programRoutines": [
{
"name": "parseHost"
},
{
"name": "JoinPath"
},
{
"name": "Parse"
},
{
"name": "ParseRequestURI"
},
{
"name": "URL.Parse"
},
{
"name": "URL.UnmarshalBinary"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.1",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Masaki Hara (https://github.com/qnighy) of Wantedly"
}
],
"descriptions": [
{
"lang": "en",
"value": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T21:28:14.211Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/752180"
},
{
"url": "https://go.dev/issue/77578"
},
{
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"title": "Incorrect parsing of IPv6 host literals in net/url"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-25679",
"datePublished": "2026-03-06T21:28:14.211Z",
"dateReserved": "2026-02-05T01:33:41.943Z",
"dateUpdated": "2026-03-10T13:37:02.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-25679",
"date": "2026-06-27",
"epss": "0.0052",
"percentile": "0.4025"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25679\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-03-06T22:16:00.720\",\"lastModified\":\"2026-04-21T14:43:03.800\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.\"},{\"lang\":\"es\",\"value\":\"url.Parse valid\u00f3 insuficientemente el componente de host/autoridad y acept\u00f3 algunas URL inv\u00e1lidas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-425\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.25.8\",\"matchCriteriaId\":\"2D293CC0-B163-4E62-B985-52FB6ECA64C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A40FE3CB-0D03-462B-8A19-4DF1920ABE82\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/752180\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://go.dev/issue/77578\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk\",\"source\":\"security@golang.org\",\"tags\":[\"Release 
Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4601\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25679\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-10T13:36:26.554241Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-10T13:36:57.330Z\"}}], \"cna\": {\"title\": \"Incorrect parsing of IPv6 host literals in net/url\", \"credits\": [{\"lang\": \"en\", \"value\": \"Masaki Hara (https://github.com/qnighy) of Wantedly\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"net/url\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.25.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-0\", \"lessThan\": \"1.26.1\", \"versionType\": \"semver\"}], \"packageName\": \"net/url\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parseHost\"}, {\"name\": \"JoinPath\"}, {\"name\": \"Parse\"}, {\"name\": \"ParseRequestURI\"}, {\"name\": \"URL.Parse\"}, {\"name\": \"URL.UnmarshalBinary\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/752180\"}, {\"url\": \"https://go.dev/issue/77578\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4601\"}], \"descriptions\": [{\"lang\": \"en\", 
\"value\": \"url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-1286: Improper Validation of Syntactic Correctness of Input\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-03-06T21:28:14.211Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25679\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T13:37:02.459Z\", \"dateReserved\": \"2026-02-05T01:33:41.943Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-03-06T21:28:14.211Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:11749
Vulnerability from csaf_redhat - Published: 2026-04-29 14:31 - Updated: 2026-06-27 14:37
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate that is processed while the `HostnameError.Error()` function constructs its error string. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected such URLs as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913)\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11749",
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11749.json"
}
],
"title": "Red Hat Security Advisory: buildah security update",
"tracking": {
"current_release_date": "2026-06-27T14:37:49+00:00",
"generator": {
"date": "2026-06-27T14:37:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:11749",
"initial_release_date": "2026-04-29T14:31:52+00:00",
"revision_history": [
{
"date": "2026-04-29T14:31:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T14:31:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T14:37:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.39.6-2.el9_6.src",
"product": {
"name": "buildah-2:1.39.6-2.el9_6.src",
"product_id": "buildah-2:1.39.6-2.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.39.6-2.el9_6?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.39.6-2.el9_6.aarch64",
"product": {
"name": "buildah-2:1.39.6-2.el9_6.aarch64",
"product_id": "buildah-2:1.39.6-2.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.39.6-2.el9_6?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.39.6-2.el9_6.aarch64",
"product": {
"name": "buildah-tests-2:1.39.6-2.el9_6.aarch64",
"product_id": "buildah-tests-2:1.39.6-2.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.39.6-2.el9_6?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"product": {
"name": "buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"product_id": "buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.39.6-2.el9_6?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"product": {
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"product_id": "buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.39.6-2.el9_6?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"product": {
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"product_id": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.39.6-2.el9_6?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.39.6-2.el9_6.ppc64le",
"product": {
"name": "buildah-2:1.39.6-2.el9_6.ppc64le",
"product_id": "buildah-2:1.39.6-2.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.39.6-2.el9_6?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"product": {
"name": "buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"product_id": "buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.39.6-2.el9_6?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"product": {
"name": "buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"product_id": "buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.39.6-2.el9_6?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"product": {
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"product_id": "buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.39.6-2.el9_6?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"product_id": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.39.6-2.el9_6?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.39.6-2.el9_6.x86_64",
"product": {
"name": "buildah-2:1.39.6-2.el9_6.x86_64",
"product_id": "buildah-2:1.39.6-2.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.39.6-2.el9_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.39.6-2.el9_6.x86_64",
"product": {
"name": "buildah-tests-2:1.39.6-2.el9_6.x86_64",
"product_id": "buildah-tests-2:1.39.6-2.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.39.6-2.el9_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"product": {
"name": "buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"product_id": "buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.39.6-2.el9_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"product": {
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"product_id": "buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.39.6-2.el9_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64",
"product": {
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64",
"product_id": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.39.6-2.el9_6?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.39.6-2.el9_6.s390x",
"product": {
"name": "buildah-2:1.39.6-2.el9_6.s390x",
"product_id": "buildah-2:1.39.6-2.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.39.6-2.el9_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.39.6-2.el9_6.s390x",
"product": {
"name": "buildah-tests-2:1.39.6-2.el9_6.s390x",
"product_id": "buildah-tests-2:1.39.6-2.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.39.6-2.el9_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"product": {
"name": "buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"product_id": "buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.39.6-2.el9_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"product": {
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"product_id": "buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.39.6-2.el9_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"product": {
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"product_id": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.39.6-2.el9_6?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.39.6-2.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64"
},
"product_reference": "buildah-2:1.39.6-2.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.39.6-2.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le"
},
"product_reference": "buildah-2:1.39.6-2.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.39.6-2.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x"
},
"product_reference": "buildah-2:1.39.6-2.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.39.6-2.el9_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src"
},
"product_reference": "buildah-2:1.39.6-2.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.39.6-2.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64"
},
"product_reference": "buildah-2:1.39.6-2.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64"
},
"product_reference": "buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le"
},
"product_reference": "buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x"
},
"product_reference": "buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.39.6-2.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64"
},
"product_reference": "buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.39.6-2.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64"
},
"product_reference": "buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.39.6-2.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le"
},
"product_reference": "buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.39.6-2.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x"
},
"product_reference": "buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.39.6-2.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64"
},
"product_reference": "buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.39.6-2.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64"
},
"product_reference": "buildah-tests-2:1.39.6-2.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.39.6-2.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le"
},
"product_reference": "buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.39.6-2.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x"
},
"product_reference": "buildah-tests-2:1.39.6-2.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.39.6-2.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64"
},
"product_reference": "buildah-tests-2:1.39.6-2.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64"
},
"product_reference": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x"
},
"product_reference": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
},
"product_reference": "buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:31:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:31:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:31:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:31:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:31:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:buildah-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debuginfo-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-debugsource-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-2:1.39.6-2.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:buildah-tests-debuginfo-2:1.39.6-2.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:11768
Vulnerability from csaf_redhat - Published: 2026-04-29 14:26 - Updated: 2026-06-27 08:39

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. The one-shot helper functions, such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()`, are not affected, because a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
Workaround
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Workaround
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
|
A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system (OS) command injection vulnerability exists in the `netrw` standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the `scp://` protocol handler. Successful exploitation allows the attacker to execute arbitrary shell commands with the same privileges as the Vim process, leading to potential system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new set of Red Hat Update Infrastructure container images is now available as a Technology Preview in the Red Hat container registry.",
"title": "Topic"
},
{
"category": "general",
"text": "Technology Preview features are not fully supported, may not be functionally complete, and are not suitable for deployment in production.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11768",
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7141172",
"url": "https://access.redhat.com/articles/7141172"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/red-hat-update-infrastructure",
"url": "https://access.redhat.com/products/red-hat-update-infrastructure"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27135",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28417",
"url": "https://access.redhat.com/security/cve/CVE-2026-28417"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28421",
"url": "https://access.redhat.com/security/cve/CVE-2026-28421"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33412",
"url": "https://access.redhat.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4424",
"url": "https://access.redhat.com/security/cve/CVE-2026-4424"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4786",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5121",
"url": "https://access.redhat.com/security/cve/CVE-2026-5121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6100",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/5",
"url": "https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/5"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11768.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Update Infrastructure 5.2 Technology Preview security update",
"tracking": {
"current_release_date": "2026-06-27T08:39:47+00:00",
"generator": {
"date": "2026-06-27T08:39:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:11768",
"initial_release_date": "2026-04-29T14:26:51+00:00",
"revision_history": [
{
"date": "2026-04-29T14:26:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T14:27:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T08:39:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Update Infrastructure 5",
"product": {
"name": "Red Hat Update Infrastructure 5",
"product_id": "Red Hat Update Infrastructure 5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhui:5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Update Infrastructure"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"product": {
"name": "registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"product_id": "registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cds-kubernetes-tp-rhel9@sha256%3A9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1777459441"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"product": {
"name": "registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"product_id": "registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/installer-tp-rhel9@sha256%3A9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1777454300"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64",
"product": {
"name": "registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64",
"product_id": "registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhua-tp-rhel9@sha256%3A1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1777459504"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64 as a component of Red Hat Update Infrastructure 5",
"product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64"
},
"product_reference": "registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"relates_to_product_reference": "Red Hat Update Infrastructure 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64 as a component of Red Hat Update Infrastructure 5",
"product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64"
},
"product_reference": "registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"relates_to_product_reference": "Red Hat Update Infrastructure 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64 as a component of Red Hat Update Infrastructure 5",
"product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
},
"product_reference": "registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64",
"relates_to_product_reference": "Red Hat Update Infrastructure 5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Elhanan Haenel"
]
}
],
"cve": "CVE-2026-4424",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-03-19T12:22:21.740000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: This heap out-of-bounds read vulnerability in libarchive\u0027s RAR archive processing logic can lead to information disclosure. A remote attacker can exploit this flaw by providing a specially crafted RAR archive, potentially revealing sensitive heap memory information without requiring authentication or user interaction on systems that process untrusted archives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4424"
},
{
"category": "external",
"summary": "RHBZ#2449006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4424",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4424"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2898",
"url": "https://github.com/libarchive/libarchive/pull/2898"
}
],
"release_date": "2026-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing"
},
{
"cve": "CVE-2026-4786",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-13T22:01:38.006388+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "RHBZ#2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148169",
"url": "https://github.com/python/cpython/issues/148169"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148170",
"url": "https://github.com/python/cpython/pull/148170"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
}
],
"release_date": "2026-04-13T21:52:19.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
},
{
"acknowledgments": [
{
"names": [
"Elhanan Haenel"
]
}
],
"cve": "CVE-2026-5121",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-03-30T07:40:25.358335+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452945"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: An integer overflow flaw in `libarchive` on 32-bit systems can lead to a heap buffer overflow. This vulnerability occurs when processing a specially crafted ISO9660 image, allowing an attacker to potentially execute arbitrary code. Red Hat Enterprise Linux 64-bit systems are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5121"
},
{
"category": "external",
"summary": "RHBZ#2452945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5121"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc",
"url": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2934",
"url": "https://github.com/libarchive/libarchive/pull/2934"
}
],
"release_date": "2026-03-30T07:44:15.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted ISO9660 images with applications that utilize `libarchive`. Users should only extract or read content from ISO images obtained from trusted sources.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing"
},
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-04-13T18:01:31.970255+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. The one-shot helper functions `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected, as a new decompressor instance is used per call. Likewise, code that does not re-use a decompressor instance after an error condition is not vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default, processes are not executed with root user privileges and are limited in scope, which in turn limits the impact of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "RHBZ#2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148395",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148396",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
],
"release_date": "2026-04-13T17:15:47.606000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"known_not_affected": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
},
{
"cve": "CVE-2026-28417",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-02-27T22:01:53.728412+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system (OS) command injection vulnerability exists in the `netrw` standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the `scp://` protocol handler. Successful exploitation allows the attacker to execute arbitrary shell commands with the same privileges as the Vim process, leading to potential system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The risk posed by this vulnerability is limited on Red Hat products due to user and system isolation features which are enabled by default. The impacts of this flaw will be limited by the active user\u0027s permissions and access control limits. Host systems are not at risk when following Red Hat guidelines and the root user account is not actively executing Vim.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28417"
},
{
"category": "external",
"summary": "RHBZ#2443455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28417"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860",
"url": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0073",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0073"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336",
"url": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336"
}
],
"release_date": "2026-02-27T21:54:35.196000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin"
},
{
"cve": "CVE-2026-28421",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-02-27T23:01:44.673504+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443474"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Denial of service and information disclosure via crafted swap file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The risk posed by this vulnerability is limited on Red Hat products due to user and system isolation features which are enabled by default. The impacts of this flaw will be limited by the active user\u0027s permissions and access control limits. Host systems are not at risk when following Red Hat guidelines and the root user account is not actively executing Vim.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28421"
},
{
"category": "external",
"summary": "RHBZ#2443474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28421"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/65c1a143c331c886dc28",
"url": "https://github.com/vim/vim/commit/65c1a143c331c886dc28"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0077",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0077"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p",
"url": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p"
}
],
"release_date": "2026-02-27T22:06:34.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Denial of service and information disclosure via crafted swap file"
},
{
"cve": "CVE-2026-33412",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-03-24T20:02:21.511965+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. By including a newline character in a pattern passed to Vim\u0027s glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user\u0027s shell settings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Arbitrary code execution via command injection in glob() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "RHBZ#2450907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33412",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33412"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a",
"url": "https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0202",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0202"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c",
"url": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c"
}
],
"release_date": "2026-03-24T19:43:07.219000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T14:26:51+00:00",
"details": "Please consult the RHUI Technology Preview Release Notes at https://access.redhat.com/articles/7141172\nfor instructions on how to use this image set.",
"product_ids": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-kubernetes-tp-rhel9@sha256:9c099abe9fe9f06816a9ddd95c8123bd2909e66aa31b05ce5a143495efedd274_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-tp-rhel9@sha256:9827772c3fffde2b94ac6758eb146209973bb09bd86980e02cd0cafa66f4aa3e_amd64",
"Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-tp-rhel9@sha256:1debabb74204bd06904737367b77cb42ab5d69e73da5c051e74e8dbc7e6719fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: Vim: Arbitrary code execution via command injection in glob() function"
}
]
}
RHSA-2026:11800
Vulnerability from csaf_redhat - Published: 2026-04-29 15:26 - Updated: 2026-06-27 08:41
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le | — |
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When a certificate chain being verified includes a certificate with multiple email address constraints that share the same local portion but have different domain portions, the constraints are not applied properly: only the last constraint is considered, so the earlier ones are not enforced during verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le | — |
Workaround
|
lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 "match copy operations," allowing out-of-bounds reads from the output buffer. The block-based API functions (`decompress_into`, `decompress_into_with_dict`, and others when `safe-decode` is disabled) are affected, while all frame APIs are unaffected. The impact is potential exposure of sensitive data and secrets through crafted or malformed LZ4 input. This issue has been fixed in versions 0.11.6 and 0.12.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging for Red Hat OpenShift - 6.2.10",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Logging 6.2.10 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11800",
"url": "https://access.redhat.com/errata/RHSA-2026:11800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32829",
"url": "https://access.redhat.com/security/cve/CVE-2026-32829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11800.json"
}
],
"title": "Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.2.10",
"tracking": {
"current_release_date": "2026-06-27T08:41:14+00:00",
"generator": {
"date": "2026-06-27T08:41:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:11800",
"initial_release_date": "2026-04-29T15:26:45+00:00",
"revision_history": [
{
"date": "2026-04-29T15:26:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T15:26:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T08:41:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Logging Subsystem for Red Hat OpenShift 6.2",
"product": {
"name": "Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:6.2::el9"
}
}
}
],
"category": "product_family",
"name": "Logging Subsystem for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776894039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256%3A17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776897517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3Aca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3A760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800079"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Afc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1777046400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"product_id": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256%3Ada1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1777047122"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800125"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3Ab33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800128"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776894389"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3Acf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776894039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Ab45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800079"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3A303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1777046400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800125"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3A0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800128"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776894389"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776894039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3A54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800079"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Aaff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1777046400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3Aa7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800125"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3A7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800128"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776894389"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776894039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3Afe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3A932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800079"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Abec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1777046400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3Ae0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800125"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3A04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776800128"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3Acc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1776894389"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.2",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T15:26:45+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ocp-4-18-release-notes\n\nFor Red Hat OpenShift Logging 6.2.10, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.2",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain that includes a certificate with multiple email address constraints which share common local portions but different domain portions, these constraints are not properly applied, and only the last constraint is considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T15:26:45+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ocp-4-18-release-notes\n\nFor Red Hat OpenShift Logging 6.2.10, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.2",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-32829",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"discovery_date": "2026-03-16T22:05:38.553414+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448271"
}
],
"notes": [
{
"category": "description",
"text": "lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 \"match copy operations,\" allowing out-of-bounds reads from the output buffer. The block-based API functions (`decompress_into`, `decompress_into_with_dict`, and others when `safe-decode` is disabled) are affected, while all frame APIs are unaffected. The impact is potential exposure of sensitive data and secrets through crafted or malformed LZ4 input. This issue has been fixed in versions 0.11.6 and 0.12.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lz4_flex: lz4_flex\u0027s decompression can leak information from uninitialized memory or reused output buffer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In RHEL 9 and RHEL 10, this vulnerability presents minimal risk as the rust-analyzer component operates in a \"closed loop,\" strictly decompressing its own internal database. Because it does not process external or untrusted data, exploitation requires an attacker to already possess local access and sufficient privileges to tamper with the internal cache files on disk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32829"
},
{
"category": "external",
"summary": "RHBZ#2448271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32829"
},
{
"category": "external",
"summary": "https://github.com/PSeitz/lz4_flex",
"url": "https://github.com/PSeitz/lz4_flex"
},
{
"category": "external",
"summary": "https://github.com/PSeitz/lz4_flex/commit/055502ee5d297ecd6bf448ac91c055c7f6df9b6d",
"url": "https://github.com/PSeitz/lz4_flex/commit/055502ee5d297ecd6bf448ac91c055c7f6df9b6d"
},
{
"category": "external",
"summary": "https://github.com/PSeitz/lz4_flex/security/advisories/GHSA-vvp9-7p8x-rfvv",
"url": "https://github.com/PSeitz/lz4_flex/security/advisories/GHSA-vvp9-7p8x-rfvv"
}
],
"release_date": "2026-03-16T20:48:08+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T15:26:45+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ocp-4-18-release-notes\n\nFor Red Hat OpenShift Logging 6.2.10, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.2",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:17353255c31e79c2ec45de5367019e0fb30570a1cc3cff6be170199eeb18e4dc_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:7fd22572f12bbc2029f24eb623eb814747500b436c1c9d303fe7c6e875006000_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:8f625e3b3961e05ded9032076f88bfa4bdbb6dc5d64bb4a9a03284cc64ade3da_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:9a0ebc5fb636a3eb613eba828db0a52f95582533a15c121b01346fb55d335b49_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:cf63b1d43e799bf2fccf11c2f5ff1e8dabd407a4ed3174ebceb91a7b15ea33d8_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:328340d4d482b06ab444f435aeb9c2a43ac7177ecd1ab8eec297c56aa6467203_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:450a1302db3b38b2f63645dccd1d992a4b61e42fb375f49cd62d2af292fb54ac_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:ca54850f60fc615b3ff7f04399173853722a42845e9a7ebae5c50e9659eab90e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:fe6e806f9e3dcfdf75897f769bd0ddca5d6f2333bf8d7109a8883c55f1473273_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:54e5b1a076008e32574ddff8fc3a3ea9aa8cfb3c2ba2d2736c39906f15b1350d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:760d23df05d5ed4a370401c5bc0485ba9479312ef6628445995bfa4710b0b18b_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:932962c0efa367e1b09b66deda20d58093321e376efb4fc8a99cae97854cf71b_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:b45be7ff7e4e9dd659de7573c01d22db97341e7b12a2306e35b0ed0db5c1b966_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:303dbc8494a46ed4eb24a4e6ee503a5f3e791bbcd45af2576e111855514c17a9_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:aff23731ba90a17219df3a56a571904ac9267c43f6def4d049236d152b704254_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bec80cde1b5262108ffa3c684a81d090de850114a68d049c651a6d05542b7468_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:fc0dee9a5f93e89a7225149766f1976cb67be1459456c9367dba48c3df3dad36_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:da1df9b6504750ba6c7b2187c3f4cfe9e8da8bdd32daa3fd1f7b84cc285c6394_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:454bdee681a24666732fc98764d799f54446031730e408648397713f58d73c7a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:80679c65e340cced2aca6458ecfbe04f85171e0c066a39e93d44e38e444daeb1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:83f22ad20ad1e6c123a4f26de43095274fa4fd55d396b3bb5f74f8e2b73b01ee_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:892c5dcdf43882b275d59c7997cddff4a319394327ea7b5d16a074c70d7fe059_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:35b016e136391b2377744cfaffdf5ea5a0bfb5cd83a24003d1f4468859520693_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:5eea261a9be54be482073d8f58ac09e599d7bb0a01255e0966a1a34b9b306788_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:a7c2417f3fd6e2e421a9551b061d90badbe0b7971282ab002d71cccd8c3bc739_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e0ae5996726af5675dc84217f220fd12c5c7a3af069ae0a5e0c985aa1efc40b9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:0301de23e37b680cfb4f7c7b737303f1564b5a947282590ad32c521834b0453f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:04b6062eedba3c57e099187cb627186f34f48a09df81576bbea7ac2a3e57936e_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:7d3c287d9ac66d905624f5aefc5fe9eeadbff7868c1c31832aff74a8a0673216_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b33fa7578442868a978b18d9219b9deef2d30978b3788051dc7c86989f260a85_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:0f703f41cee495656dcadaa90199357d748c39d56fd3d6399593337f4912dbe6_amd64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:4898ca8913283a0f681bbadb88b6e568c2e94a11b2087301b4ad9075f6a1ac59_s390x",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:662a7b86e69fd80fb0af5acb48ced5d889a8892548a995c7c2d6dfbf70495589_arm64",
"Logging Subsystem for Red Hat OpenShift 6.2:registry.redhat.io/openshift-logging/vector-rhel9@sha256:cc059bf2fb6382711eb55bae8cd61e5b69304f97758ce073bc0de915a531f6cd_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lz4_flex: lz4_flex\u0027s decompression can leak information from uninitialized memory or reused output buffer"
}
]
}
RHSA-2026:11856
Vulnerability from csaf_redhat - Published: 2026-04-29 17:11 - Updated: 2026-06-27 14:37
No description is available for this CVE.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected such URLs as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 | — |
Workaround
|
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered because of a missing bounds check before the data is copied to a fixed-size buffer provided by the underlying OpenSSL library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 | — |
Workaround
|
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 | — |
Workaround
|
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range" panic, resulting in a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 | — |
Workaround
|
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 | — |
Workaround
|
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.17 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.17",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11856",
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11856.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.17",
"tracking": {
"current_release_date": "2026-06-27T14:37:50+00:00",
"generator": {
"date": "2026-06-27T14:37:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:11856",
"initial_release_date": "2026-04-29T17:11:19+00:00",
"revision_history": [
{
"date": "2026-04-29T17:11:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T17:11:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T14:37:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776698050"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Acba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776698909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697573"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Adbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776698050"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776798011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697568"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Ae2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776888642"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Aa696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776887968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776752646"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aaf6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ab615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697573"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776798011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697568"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776887968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776752646"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697573"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776798011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697568"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776887968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776752646"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697573"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776798011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697568"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776887968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776752646"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected such URLs as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server that multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context, the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message, or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High, resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate).\nThe other scenarios (manipulating the operator-provisioned deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High, resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate).\n\nBased on the above, the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:11916
Vulnerability from csaf_redhat - Published: 2026-04-29 21:18 - Updated: 2026-06-27 14:37
No description is available for this CVE.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected such URLs as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x | — |
Workaround
|
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds check before the data is copied to a fixed-size buffer provided by the underlying OpenSSL library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x | — |
Workaround
|
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x | — |
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x | — |
Workaround
|
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. Because the field length is not properly validated, decoding triggers a "slice bounds out of range" panic, resulting in a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x | — |
Workaround
|
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x | — |
Workaround
|
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.21 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11916",
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11916.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.21",
"tracking": {
"current_release_date": "2026-06-27T14:37:50+00:00",
"generator": {
"date": "2026-06-27T14:37:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:11916",
"initial_release_date": "2026-04-29T21:18:39+00:00",
"revision_history": [
{
"date": "2026-04-29T21:18:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T21:18:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T14:37:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.1",
"product": {
"name": "Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Adb1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776785871"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aa85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776785891"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776706008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777302567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777303274"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908884"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Adcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776736910"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1777302567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908884"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776736910"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1777302567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Abf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908884"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776736910"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating extraneous characters before an IP-literal as ignorable. The function should have rejected such URLs as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds check before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. For these reasons, this vulnerability has been rated as Important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server that multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context, the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message, or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High, resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate).\nThe other scenarios (manipulating the operator-provisioned deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High, resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate).\n\nBased on the above, the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:11996
Vulnerability from csaf_redhat - Published: 2026-04-30 01:20 - Updated: 2026-06-27 14:37
No description is available for this CVE.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to missing bounds checking before the data is copied to a fixed-size buffer provided by the underlying OpenSSL library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range" panic, resulting in a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object: if the object specifies a key wrapping algorithm but its encrypted key field is empty, the application can crash while decrypting it. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users. Since the crash happens during decryption, the exposed code paths are those that decrypt JWE objects received from untrusted sources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.21 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11996",
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11996.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.21",
"tracking": {
"current_release_date": "2026-06-27T14:37:50+00:00",
"generator": {
"date": "2026-06-27T14:37:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:11996",
"initial_release_date": "2026-04-30T01:20:06+00:00",
"revision_history": [
{
"date": "2026-04-30T01:20:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T01:20:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T14:37:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776963375"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Ad201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956601"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705943"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777328140"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Abad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization so that every incoming HTTP/2 `:path` header is properly formatted with a leading slash before it reaches the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted so that the changes take effect; the restart may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:12028
Vulnerability from csaf_redhat - Published: 2026-04-30 03:03 - Updated: 2026-06-27 14:37

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate that is processed when the `HostnameError.Error()` function constructs its error string. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected such URLs as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:12028",
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12028.json"
}
],
"title": "Red Hat Security Advisory: podman security update",
"tracking": {
"current_release_date": "2026-06-27T14:37:50+00:00",
"generator": {
"date": "2026-06-27T14:37:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:12028",
"initial_release_date": "2026-04-30T03:03:35+00:00",
"revision_history": [
{
"date": "2026-04-30T03:03:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T03:03:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T14:37:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-20.el9_4.2.src",
"product": {
"name": "podman-4:4.9.4-20.el9_4.2.src",
"product_id": "podman-4:4.9.4-20.el9_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-20.el9_4.2?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-20.el9_4.2.aarch64",
"product": {
"name": "podman-4:4.9.4-20.el9_4.2.aarch64",
"product_id": "podman-4:4.9.4-20.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-20.el9_4.2?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"product": {
"name": "podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"product_id": "podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.9.4-20.el9_4.2?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"product": {
"name": "podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"product_id": "podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.9.4-20.el9_4.2?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"product": {
"name": "podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"product_id": "podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.9.4-20.el9_4.2?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"product": {
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"product_id": "podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.9.4-20.el9_4.2?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product": {
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product_id": "podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.9.4-20.el9_4.2?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product": {
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product_id": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.9.4-20.el9_4.2?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product": {
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product_id": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.9.4-20.el9_4.2?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-20.el9_4.2.ppc64le",
"product": {
"name": "podman-4:4.9.4-20.el9_4.2.ppc64le",
"product_id": "podman-4:4.9.4-20.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-20.el9_4.2?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"product": {
"name": "podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"product_id": "podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.9.4-20.el9_4.2?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"product": {
"name": "podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"product_id": "podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.9.4-20.el9_4.2?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"product": {
"name": "podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"product_id": "podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.9.4-20.el9_4.2?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"product": {
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"product_id": "podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.9.4-20.el9_4.2?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product": {
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product_id": "podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.9.4-20.el9_4.2?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product_id": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.9.4-20.el9_4.2?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product": {
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product_id": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.9.4-20.el9_4.2?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-20.el9_4.2.x86_64",
"product": {
"name": "podman-4:4.9.4-20.el9_4.2.x86_64",
"product_id": "podman-4:4.9.4-20.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-20.el9_4.2?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"product": {
"name": "podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"product_id": "podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.9.4-20.el9_4.2?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"product": {
"name": "podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"product_id": "podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.9.4-20.el9_4.2?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-tests-4:4.9.4-20.el9_4.2.x86_64",
"product": {
"name": "podman-tests-4:4.9.4-20.el9_4.2.x86_64",
"product_id": "podman-tests-4:4.9.4-20.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.9.4-20.el9_4.2?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"product": {
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"product_id": "podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.9.4-20.el9_4.2?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product": {
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product_id": "podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.9.4-20.el9_4.2?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product": {
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product_id": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.9.4-20.el9_4.2?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product": {
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product_id": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.9.4-20.el9_4.2?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-20.el9_4.2.s390x",
"product": {
"name": "podman-4:4.9.4-20.el9_4.2.s390x",
"product_id": "podman-4:4.9.4-20.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-20.el9_4.2?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"product": {
"name": "podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"product_id": "podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.9.4-20.el9_4.2?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-4:4.9.4-20.el9_4.2.s390x",
"product": {
"name": "podman-remote-4:4.9.4-20.el9_4.2.s390x",
"product_id": "podman-remote-4:4.9.4-20.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.9.4-20.el9_4.2?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-tests-4:4.9.4-20.el9_4.2.s390x",
"product": {
"name": "podman-tests-4:4.9.4-20.el9_4.2.s390x",
"product_id": "podman-tests-4:4.9.4-20.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.9.4-20.el9_4.2?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"product": {
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"product_id": "podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.9.4-20.el9_4.2?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product": {
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product_id": "podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.9.4-20.el9_4.2?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product": {
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product_id": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.9.4-20.el9_4.2?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product": {
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product_id": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.9.4-20.el9_4.2?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-4:4.9.4-20.el9_4.2.noarch",
"product": {
"name": "podman-docker-4:4.9.4-20.el9_4.2.noarch",
"product_id": "podman-docker-4:4.9.4-20.el9_4.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@4.9.4-20.el9_4.2?arch=noarch\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-20.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64"
},
"product_reference": "podman-4:4.9.4-20.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-20.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le"
},
"product_reference": "podman-4:4.9.4-20.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-20.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x"
},
"product_reference": "podman-4:4.9.4-20.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-20.el9_4.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src"
},
"product_reference": "podman-4:4.9.4-20.el9_4.2.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-20.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64"
},
"product_reference": "podman-4:4.9.4-20.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64"
},
"product_reference": "podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le"
},
"product_reference": "podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x"
},
"product_reference": "podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64"
},
"product_reference": "podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64"
},
"product_reference": "podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le"
},
"product_reference": "podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x"
},
"product_reference": "podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-4:4.9.4-20.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64"
},
"product_reference": "podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4:4.9.4-20.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch"
},
"product_reference": "podman-docker-4:4.9.4-20.el9_4.2.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-4:4.9.4-20.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64"
},
"product_reference": "podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-4:4.9.4-20.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le"
},
"product_reference": "podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-4:4.9.4-20.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x"
},
"product_reference": "podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-4:4.9.4-20.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64"
},
"product_reference": "podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64"
},
"product_reference": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x"
},
"product_reference": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64"
},
"product_reference": "podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4:4.9.4-20.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64"
},
"product_reference": "podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4:4.9.4-20.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le"
},
"product_reference": "podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4:4.9.4-20.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x"
},
"product_reference": "podman-remote-4:4.9.4-20.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4:4.9.4-20.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64"
},
"product_reference": "podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64"
},
"product_reference": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le"
},
"product_reference": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x"
},
"product_reference": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64"
},
"product_reference": "podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-4:4.9.4-20.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64"
},
"product_reference": "podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-4:4.9.4-20.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le"
},
"product_reference": "podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-4:4.9.4-20.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x"
},
"product_reference": "podman-tests-4:4.9.4-20.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-4:4.9.4-20.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
},
"product_reference": "podman-tests-4:4.9.4-20.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request, containing a large number of unique query parameters, to an application that parses URL-encoded forms with net/url. The request causes the application to consume an excessive amount of memory and eventually results in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been given a severity rating of important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:03:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:03:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:03:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:03:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:03:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-20.el9_4.2.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-20.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-20.el9_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:12029
Vulnerability from csaf_redhat - Published: 2026-04-30 03:01 - Updated: 2026-06-27 14:37

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate that triggers unbounded string concatenation when the `HostnameError.Error()` function constructs its error string. This leads to excessive resource consumption and can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:12029",
"url": "https://access.redhat.com/errata/RHSA-2026:12029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12029.json"
}
],
"title": "Red Hat Security Advisory: skopeo security update",
"tracking": {
"current_release_date": "2026-06-27T14:37:50+00:00",
"generator": {
"date": "2026-06-27T14:37:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:12029",
"initial_release_date": "2026-04-30T03:01:07+00:00",
"revision_history": [
{
"date": "2026-04-30T03:01:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T03:01:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T14:37:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.4.src",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.4.src",
"product_id": "skopeo-2:1.14.5-2.el9_4.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.4?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.4.aarch64",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.4.aarch64",
"product_id": "skopeo-2:1.14.5-2.el9_4.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.4?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"product": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"product_id": "skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.14.5-2.el9_4.4?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"product_id": "skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.14.5-2.el9_4.4?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"product_id": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.14.5-2.el9_4.4?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"product_id": "skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.4?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"product": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"product_id": "skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.14.5-2.el9_4.4?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"product_id": "skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.14.5-2.el9_4.4?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"product_id": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.14.5-2.el9_4.4?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.4.x86_64",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.4.x86_64",
"product_id": "skopeo-2:1.14.5-2.el9_4.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.4?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.x86_64",
"product": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.x86_64",
"product_id": "skopeo-tests-2:1.14.5-2.el9_4.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.14.5-2.el9_4.4?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"product_id": "skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.14.5-2.el9_4.4?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"product_id": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.14.5-2.el9_4.4?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.4.s390x",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.4.s390x",
"product_id": "skopeo-2:1.14.5-2.el9_4.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.4?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"product": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"product_id": "skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.14.5-2.el9_4.4?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"product": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"product_id": "skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.14.5-2.el9_4.4?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"product_id": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.14.5-2.el9_4.4?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x"
},
"product_reference": "skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64"
},
"product_reference": "skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le"
},
"product_reference": "skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x"
},
"product_reference": "skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
},
"product_reference": "skopeo-tests-2:1.14.5-2.el9_4.4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request, specifically one containing a large number of unique query parameters, to an application parsing URL-encoded forms with net/url. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:01:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12029"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical one. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate that is processed during error string construction in the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:01:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12029"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:01:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12029"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:01:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12029"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.4.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:12030
Vulnerability from csaf_redhat - Published: 2026-04-30 03:33 - Updated: 2026-06-27 14:37
CVE-2025-47913: A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
CVE-2025-61726: A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
CVE-2025-61729: A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
CVE-2025-68121: A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
CVE-2026-25679: The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913)\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:12030",
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12030.json"
}
],
"title": "Red Hat Security Advisory: buildah security update",
"tracking": {
"current_release_date": "2026-06-27T14:37:51+00:00",
"generator": {
"date": "2026-06-27T14:37:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:12030",
"initial_release_date": "2026-04-30T03:33:47+00:00",
"revision_history": [
{
"date": "2026-04-30T03:33:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T03:33:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T14:37:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.13-3.el9_4.1.src",
"product": {
"name": "buildah-2:1.33.13-3.el9_4.1.src",
"product_id": "buildah-2:1.33.13-3.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.13-3.el9_4.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.13-3.el9_4.1.aarch64",
"product": {
"name": "buildah-2:1.33.13-3.el9_4.1.aarch64",
"product_id": "buildah-2:1.33.13-3.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.13-3.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"product": {
"name": "buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"product_id": "buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.33.13-3.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"product": {
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"product_id": "buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.33.13-3.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"product": {
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"product_id": "buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.33.13-3.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"product": {
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"product_id": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.33.13-3.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.13-3.el9_4.1.ppc64le",
"product": {
"name": "buildah-2:1.33.13-3.el9_4.1.ppc64le",
"product_id": "buildah-2:1.33.13-3.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.13-3.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"product": {
"name": "buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"product_id": "buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.33.13-3.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"product": {
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"product_id": "buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.33.13-3.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"product": {
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"product_id": "buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.33.13-3.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"product_id": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.33.13-3.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.13-3.el9_4.1.x86_64",
"product": {
"name": "buildah-2:1.33.13-3.el9_4.1.x86_64",
"product_id": "buildah-2:1.33.13-3.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.13-3.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"product": {
"name": "buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"product_id": "buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.33.13-3.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"product": {
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"product_id": "buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.33.13-3.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"product": {
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"product_id": "buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.33.13-3.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"product": {
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"product_id": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.33.13-3.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.13-3.el9_4.1.s390x",
"product": {
"name": "buildah-2:1.33.13-3.el9_4.1.s390x",
"product_id": "buildah-2:1.33.13-3.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.13-3.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"product": {
"name": "buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"product_id": "buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.33.13-3.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"product": {
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"product_id": "buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.33.13-3.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"product": {
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"product_id": "buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.33.13-3.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"product": {
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"product_id": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.33.13-3.el9_4.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.13-3.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64"
},
"product_reference": "buildah-2:1.33.13-3.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.13-3.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le"
},
"product_reference": "buildah-2:1.33.13-3.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.13-3.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x"
},
"product_reference": "buildah-2:1.33.13-3.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.13-3.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src"
},
"product_reference": "buildah-2:1.33.13-3.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.13-3.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64"
},
"product_reference": "buildah-2:1.33.13-3.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64"
},
"product_reference": "buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le"
},
"product_reference": "buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x"
},
"product_reference": "buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
},
"product_reference": "buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64"
},
"product_reference": "buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le"
},
"product_reference": "buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x"
},
"product_reference": "buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64"
},
"product_reference": "buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.33.13-3.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64"
},
"product_reference": "buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.33.13-3.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le"
},
"product_reference": "buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.33.13-3.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x"
},
"product_reference": "buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.33.13-3.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64"
},
"product_reference": "buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64"
},
"product_reference": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x"
},
"product_reference": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
},
"product_reference": "buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:33:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact on confidentiality or integrity. For this reason, this vulnerability has been rated as Important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:33:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:33:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:33:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:33:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.13-3.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.13-3.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:12031
Vulnerability from csaf_redhat - Published: 2026-04-30 03:29 - Updated: 2026-06-27 14:37

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs, effectively ignoring garbage that appeared before an IP-literal. The function should have rejected such URLs as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for runc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:12031",
"url": "https://access.redhat.com/errata/RHSA-2026:12031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12031.json"
}
],
"title": "Red Hat Security Advisory: runc security update",
"tracking": {
"current_release_date": "2026-06-27T14:37:51+00:00",
"generator": {
"date": "2026-06-27T14:37:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:12031",
"initial_release_date": "2026-04-30T03:29:55+00:00",
"revision_history": [
{
"date": "2026-04-30T03:29:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T03:29:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T14:37:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.1.src",
"product": {
"name": "runc-4:1.2.9-1.el9_4.1.src",
"product_id": "runc-4:1.2.9-1.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4.1?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.1.aarch64",
"product": {
"name": "runc-4:1.2.9-1.el9_4.1.aarch64",
"product_id": "runc-4:1.2.9-1.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"product": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"product_id": "runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"product": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"product_id": "runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.1.ppc64le",
"product": {
"name": "runc-4:1.2.9-1.el9_4.1.ppc64le",
"product_id": "runc-4:1.2.9-1.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"product": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"product_id": "runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"product_id": "runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.1.x86_64",
"product": {
"name": "runc-4:1.2.9-1.el9_4.1.x86_64",
"product_id": "runc-4:1.2.9-1.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.x86_64",
"product": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.x86_64",
"product_id": "runc-debugsource-4:1.2.9-1.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"product": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"product_id": "runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.1.s390x",
"product": {
"name": "runc-4:1.2.9-1.el9_4.1.s390x",
"product_id": "runc-4:1.2.9-1.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"product": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"product_id": "runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"product": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"product_id": "runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_4.1?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64"
},
"product_reference": "runc-4:1.2.9-1.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le"
},
"product_reference": "runc-4:1.2.9-1.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x"
},
"product_reference": "runc-4:1.2.9-1.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src"
},
"product_reference": "runc-4:1.2.9-1.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64"
},
"product_reference": "runc-4:1.2.9-1.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64"
},
"product_reference": "runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x"
},
"product_reference": "runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64"
},
"product_reference": "runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64"
},
"product_reference": "runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le"
},
"product_reference": "runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x"
},
"product_reference": "runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
},
"product_reference": "runc-debugsource-4:1.2.9-1.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:29:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12031"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:29:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:29:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T03:29:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12031"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.