Release date:
2026-06-09 11:23:12 UTC
Description:
- rebuild with newer golang 1.25.7-1.el9_6.tuxcare.els5 to fix the following CVEs
- CVE-2026-32280: fix denial-of-service in crypto/x509 certificate chain
building with a large number of intermediate certificates
- CVE-2026-32282: fix TOCTOU symlink race in os.Root.Chmod on Linux
- CVE-2026-32283: fix TLS 1.3 connection deadlock when multiple key update
messages arrive in a single record
- CVE-2026-32286: fix panic on negative DataRow field length in vendored
jackc/pgproto3
- CVE-2026-34986: fix panic on JWE decryption with key-wrapping algorithms in
vendored go-jose
Updated packages:
-
osbuild-composer-132.2-3.el9_6.alma.1.tuxcare.els3.x86_64.rpm
sha:9a93e12e443b91346dc94714f1cc11d1a6f5706dc224aac5fa67c7191ae4e08d
-
osbuild-composer-core-132.2-3.el9_6.alma.1.tuxcare.els3.x86_64.rpm
sha:8f4109ec556c80631bf6927fa1f78cd5aa2d14e1263e2a61e8929c582f3d9488
-
osbuild-composer-tests-132.2-3.el9_6.alma.1.tuxcare.els3.x86_64.rpm
sha:75e3271a62bd39c0086b3010e37c4f3fabf5b6e64c7f0e5a4a708ac5bd09bf8f
-
osbuild-composer-worker-132.2-3.el9_6.alma.1.tuxcare.els3.x86_64.rpm
sha:25b22a06493d39898ec6b13c120df585a0a69200b4d911558d3959a763373b4d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
