Release date:
2026-05-25 09:38:19 UTC
Description:
- Rebuild with golang >= 1.25.7-1.el9_6.tuxcare.els5 to fix Go standard library CVEs:
- CVE-2026-32280: cap intermediate certificates in crypto/x509 chain building
to mitigate denial-of-service via excessive chain construction work
- CVE-2026-32283: prevent crypto/tls deadlock when a TLS 1.3 peer sends
multiple key update messages in a single record
- CVE-2026-34986: fix panic in vendored go-jose/v3 when decrypting a JWE whose
alg field requests a key-wrapping algorithm (suffix KW, excluding GCMKW
variants) with an empty encrypted_key
Updated packages:
-
podman-5.4.0-13.el9_6.tuxcare.els5.x86_64.rpm
sha:4f2307e0b47b587eccedd60d2b771e0b57876e3f13c57e5387f26801910a1f35
-
podman-docker-5.4.0-13.el9_6.tuxcare.els5.noarch.rpm
sha:926723c892a0637ade0aab206e1166f4f7459927558a9019e8b718bbf0f667e6
-
podman-plugins-5.4.0-13.el9_6.tuxcare.els5.x86_64.rpm
sha:1cc4d3d4979c4914ad60fa611341fb01e063d2aef8745908b0497da169993d71
-
podman-remote-5.4.0-13.el9_6.tuxcare.els5.x86_64.rpm
sha:d2d28d6f8bb2388b69599c5d2db1c888177072bd42e10a66c0b09372a408e85a
-
podman-tests-5.4.0-13.el9_6.tuxcare.els5.x86_64.rpm
sha:0f81bf055da40cc5e2be6a3d76370591b404a6f40baf91ad248920ada6fd115d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
