Release date:
2026-05-25 11:36:08 UTC
Description:
- Rebuild with golang 1.22.9-1.el9_2.tuxcare.els9 and patch go-jose to fix
CVE-2026-32280, CVE-2026-34986
- CVE-2026-32280: limit processing of attacker-supplied intermediate
certificates during chain building and introduce bound on number of
intermediates, preventing uncontrolled work and denial of service
- CVE-2026-34986: reject too-short ciphertext in vendored go-jose
cipher.KeyUnwrap to prevent a denial-of-service panic when decrypting
a JWE with an attacker-controlled Encrypted Key
Updated packages:
-
podman-4.4.1-13.el9_2.tuxcare.els12.x86_64.rpm
sha:c033fd95d454e9c536eea6ef0735749d6387a0154d6bdf7557992049ec91d7f5
-
podman-docker-4.4.1-13.el9_2.tuxcare.els12.noarch.rpm
sha:fdde041cb2f7ae7641447482ee9a6c995373d306eaed8a6b7bbedf7aded21659
-
podman-gvproxy-4.4.1-13.el9_2.tuxcare.els12.x86_64.rpm
sha:363cf4bda23531856d4177bb5921ab08f264c6bf7e48e69f600c2941f97d2c04
-
podman-plugins-4.4.1-13.el9_2.tuxcare.els12.x86_64.rpm
sha:f8b7f3c005a8793f5c3e5450dfabce3963a9290145df9eb39782f735f99aa041
-
podman-remote-4.4.1-13.el9_2.tuxcare.els12.x86_64.rpm
sha:55f23759d002a306fa8c4fe01d9215bc11a7378532307e00ea38d11e0a10e324
-
podman-tests-4.4.1-13.el9_2.tuxcare.els12.x86_64.rpm
sha:e8e54a9ad09de0916317ad35fa72fd08e96e81bdb362531b325139f9ff5ca4fa
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
