[CLSA-2026:1775054341] Fix CVE(s): CVE-2026-21218
Type:
security
Severity:
Important
Release date:
2026-04-01 14:39:07 UTC
Description:
* SECURITY UPDATE: COSE header validation bypass via indefinite-length CBOR - debian/patches/CVE-2026-21218.patch: fix DecodeBucket and AreAllMandatoryHeadersPresent to iterate CBOR maps/arrays using PeekState loop instead of length-based for loop, preventing indefinite-length encodings from skipping header validation; wrap ArgumentException from CoseHeaderMap.Add into CryptographicException - CVE-2026-21218
Updated packages:
  • aspnetcore-runtime-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:e00714ea7f5fdbd815cf20da7e33826351a631e9
  • aspnetcore-targeting-pack-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:ecd21b920afd7ada4e5cce98599d81beb97adc3b
  • dotnet7_7.0.120-1+tuxcare.els6_amd64.deb
    sha:68546bdd31b0df0f1db660749619becc4f8985a8
  • dotnet7-apphost-pack-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:2827520694b34f383577ab910d2c85e4542abdc2
  • dotnet7-host-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:90946cffa71f057c03d0bd8c660c08d2bfdfd444
  • dotnet7-hostfxr-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:1fbdbe289e5c57d3c90e41060c3e66fe4ee33f44
  • dotnet7-runtime-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:9084692c874230272fca74f6f2be7cde48d54323
  • dotnet7-sdk-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:1affd1e5bfed19555b7004d9d5ec50056f7ad61f
  • dotnet7-sdk-7.0-source-built-artifacts_7.0.120-1+tuxcare.els6_amd64.deb
    sha:47818ed0731a631ac3ca873238b589e16822a01d
  • dotnet7-targeting-pack-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:8a46323f84d89bf719637d843222ef70f20a8271
  • dotnet7-templates-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:c3dc0992a8b1cee9b644c70c0f05aed1e6364ab6
  • netstandard-targeting-pack-2.1-7.0_7.0.120-1+tuxcare.els6_amd64.deb
    sha:4b76c43179902bb84ffc8e3e39da9069dbaf10e0
  • aspnetcore-runtime-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:a9a5c2010044018258320700570451c6b4ca25e7
  • aspnetcore-targeting-pack-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:7f964759c95379ae121035ad349959fd2f7b2340
  • dotnet7_7.0.120-1+tuxcare.els6_arm64.deb
    sha:0a515fcf2631ce9937b46e37abfed09b23fe0af4
  • dotnet7-apphost-pack-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:4b4c6e819ed69bb1c8268f6fade17487ba235320
  • dotnet7-host-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:beca6bc2a35a11e31879dd7ba23c90a1914a168d
  • dotnet7-hostfxr-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:60364a207d3d35471c0cb453ce91a422fc311268
  • dotnet7-runtime-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:cf0aaa8e7b9a6c0d09bd8a4e6116e3f81a4dc1b6
  • dotnet7-sdk-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:1cf34c45fb43be8a1a9803a38699da62156f04ac
  • dotnet7-sdk-7.0-source-built-artifacts_7.0.120-1+tuxcare.els6_arm64.deb
    sha:a3e344325ec7f017d6acd558f0c68d409b80b68c
  • dotnet7-targeting-pack-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:ea4409113d2b1776be02a51d51c36f71366837ab
  • dotnet7-templates-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:5cd87e92b429ec6750ff080dac4c43eaa1159f74
  • netstandard-targeting-pack-2.1-7.0_7.0.120-1+tuxcare.els6_arm64.deb
    sha:816411a615d6f93601b3f01aea5f07a5faa75cfa
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.