Release date:
2026-06-12 09:03:39 UTC
Description:
- CVE-2026-34986: fix denial-of-service panic in vendored go-jose (v3 and v4)
cipher.KeyUnwrap when decrypting a JWE whose key-wrapping algorithm has an
empty or too-short Encrypted Key, by guarding against a non-positive block
count before allocating
- rebuild with newer golang version 1.25.7-1.el9_6.tuxcare.els5 to fix the following CVEs
- CVE-2026-32280: fix denial-of-service in crypto/x509 Certificate.Verify
during certificate chain building with many candidate intermediates
- CVE-2026-32283: fix TLS 1.3 deadlock in crypto/tls when a peer sends
multiple post-handshake key update messages in a single record
Updated packages:
-
skopeo-1.18.1-2.el9_6.tuxcare.els3.x86_64.rpm
sha:8202408ab38de0b7a8a5510a098fd2cb7745b6187c51c86864a4ca3cd84e54c2
-
skopeo-tests-1.18.1-2.el9_6.tuxcare.els3.x86_64.rpm
sha:0c8d46fc7e0a02198af23d5a05ce3187777a60131ed8129f4ae2ddec40701c16
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
