Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
Does sandboxing completely stop hackers?
Loading...
Explore Latest Linux Security advisories
We found 9,991 articles for you...
100
security advisorydenial of serviceSuSESUSE Libarchive Important Denial of Service and Code Exec 2026-22241-1
An update that solves five vulnerabilities can now be installed.. # Security update for libarchive Announcement ID: SUSE-SU-2026:22241-1 Release Date: 2026-06-18T08:00:08Z Rating: important References: * bsc#1253088 * bsc#1259635 * bsc#1259928 * bsc#1259931 * bsc#1261186 Cross-References: * CVE-2025-60753 * CVE-2026-4111 * CVE-2026-4424 * CVE-2026-4426 * CVE-2026-5121 CVSS scores: * CVE-2025-60753 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-4111 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4111 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4111 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4426 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5121 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues * CVE-2025-60753: bsdtar hangs and OOMs with zero-length patternmatches (bsc#1253088). * CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half- window output limiter leads to infinite loop and DoS (bsc#1259635). * CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing (bsc#1259928). * CVE-2026-4426: undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code (bsc#1259931). * CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660 image processing (bsc#1261186). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-762=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libarchive13-debuginfo-3.6.2-6.1 * libarchive13-3.6.2-6.1 * libarchive-debugsource-3.6.2-6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-60753.html * https://www.suse.com/security/cve/CVE-2026-4111.html * https://www.suse.com/security/cve/CVE-2026-4424.html * https://www.suse.com/security/cve/CVE-2026-4426.html * https://www.suse.com/security/cve/CVE-2026-5121.html * https://bugzilla.suse.com/show_bug.cgi?id=1253088 * https://bugzilla.suse.com/show_bug.cgi?id=1259635 * https://bugzilla.suse.com/show_bug.cgi?id=1259928 * https://bugzilla.suse.com/show_bug.cgi?id=1259931 * https://bugzilla.suse.com/show_bug.cgi?id=1261186 . Five vulnerabilities in libarchive have received an important security update. Ensure system integrity with this patch.. SUSE vulnerabilities libarchive security update important. . Severity: Important. LinuxSecurity.com Team
Jun 25, 2026
•Important
SuSE
100
security advisorydenial of serviceSuSESUSE Google-Osconfig-Agent Important Denial of Service Vuln 2026-22242-1
An update that solves 23 vulnerabilities can now be installed.. # Security update for google-osconfig-agent Announcement ID: SUSE-SU-2026:22242-1 Release Date: 2026-06-22T09:17:37Z Rating: important References: * bsc#1210938 * bsc#1236533 * bsc#1239948 * bsc#1244304 * bsc#1244503 * bsc#1251453 * bsc#1251704 * bsc#1260264 * bsc#1262926 * bsc#1264923 * bsc#1265762 * bsc#1266171 * bsc#1266603 Cross-References: * CVE-2023-45288 * CVE-2024-45339 * CVE-2025-22868 * CVE-2025-47911 * CVE-2025-58190 * CVE-2026-33186 * CVE-2026-33814 * CVE-2026-34986 * CVE-2026-39821 * CVE-2026-39827 * CVE-2026-39828 * CVE-2026-39829 * CVE-2026-39830 * CVE-2026-39831 * CVE-2026-39832 * CVE-2026-39833 * CVE-2026-39834 * CVE-2026-39835 * CVE-2026-41506 * CVE-2026-42508 * CVE-2026-46595 * CVE-2026-46597 * CVE-2026-46598 CVSS scores: * CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-45288 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47911 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47911 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58190 ( SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58190 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58190 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-41506 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-41506 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-41506 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-41506 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N * CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.0 An update that solves 23 vulnerabilities can now be installed. ## Description: This update for google-osconfig-agent fixes the following issues * CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533). * CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (bsc#1251453). * CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251704). * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header (bsc#1260264). * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265762). * CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262926). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266603). * CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266171). * CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171). * CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266171). * CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171). * CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during smart-HTTP clone and fetch operations (bsc#1264923). Changes for google-osconfig-agent: * Update to version 20260615.01 * Upgrade golang.org/x/crypto & golang.org/x/net (#1006) * from version 20260615.00 * Add unit testsfor ospatch_apt_upgrade.go (#938) * Update to version 20260611.00 * Add unit tests for policies/policies.go PART 5 (#998) * from version 20260610.00 * Add unit tests for policies/policies.go PART 4 (#997) * from version 20260609.02 * squash commits (#936) * from version 20260609.01 * Add unit tests for policies/policies.go PART 3 (#996) * from version 20260609.00 * Add unit tests for policies/policies.go PART 2 (#991) * from version 20260602.01 * Align format of dates and timestamp collected across Windows packages (#973) * from version 20260602.00 * Add unit tests for config/config,go (#979) * from version 20260528.00 * Bump github.com/containerd/containerd (#990) * from version 20260521.00 * Cover agentconfig functionality by unit tests (#925) * from version 20260520.04 * Add unit tests for policies/googet.go (#961) * Bump github.com/go-git/go-git/v5 (#987) * from version 20260520.02 * Add unit tests for policies/yum.go (#952) * Add unit tests for policies/apt.go PART 3 (#951) * from version 20260520.00 * Add unit tests for policies/zypper.go (#953) * from version 20260519.00 * Add unit tests for policies/policies.go PART 1 (#949) * from version 20260513.01 * Bump github.com/go-git/go-git/v5 (#981), this also updates golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814) * from version 20260513.00 * upgrade a few packages (#980) * from version 20260512.02 * Add/improve unit tests for agentendpoint/exec_task.go (#933) * from version 20260512.01 * Cover google_update.go by unit tests (#941) * from version 20260512.00 * Change zone for arm64 builds because of stockout (#978) * Update to version 20260511.00 * switch to t2a-standard-2 on ARM package build (#977) * from version 20260505.03 * Cover zypper_patch by unit tests (#958) * from version 20260505.02 * Remove unused functions DisableAutoUpdates (#970) * from version 20260505.01 * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966) * from version 20260505.00 * Upgrade a few dependencies across the repo (#968) * github.com/go-git/go-git/v5 5.16.2-> 5.18.0 (bsc#1264923, CVE-2026-41506) * github.com/go-jose/go-jose/v4 4.1.3-> 4.1.4 (bsc#1262926, CVE-2026-34986) * github.com/go-viper/mapstructure/v2 2.3.0-> 2.4.0 * go.opentelemetry.io/otel 1.40.0-> 1.41.0 * go.opentelemetry.io/otel/sdk 1.39.0-> 1.43.0 * from version 20260504.01 * bump github.com/docker/cli to 29.2.0 (#962) * from version 20260504.00 * Bump github.com/opencontainers/selinux (#960) * Update to version 20260428.00 * Add/improve unit tests for agentendpoint/agentendpoint.go (#930) * from version 20260427.03 * Cover config/file.go by unit tests (#935) * from version 20260422.01 * Cover patch_linux.go by unit tests (#932) * from version 20260422.00 * upgrade grpc package in main package and e2e tests (#959) (bsc#1260264, CVE-2026-33186) * from version 20260417.04 * Bump OSV-Scalibr version to v0.4.3 (#956) * from version 20260417.03 * Add unit tests for updates_linux.go (#937) * from version 20260417.02 * Add zone to CreateDisk step (#955) * from version 20260417.01 * Change disk type for deb11 (#954) * from version 20260417.00 * Add unit tests for policies/apt.go PART 1 (#950) * from version 20260410.02 * Add unit tests for packages/pty_linux.go (#943) * from version 20260410.01 * fix disk type for arm workflows (#948) * from version 20260410.00 * Change machine type for arm based workflows (#946) * Update to version 20260330.00 * bump timeouts for all workflows (#940) * from version 20260326.00 * Cover exec_resource.go by unit tests (#934) * from version 20260318.00 * Integrate OSConfig agent with ReportVmInventory (#923) * from version 20260313.02 * remove cacheonly flag from yum upgrade (#924) * from version 20260313.01 * conditions python version override (#927) * from version 20260313.00 * Fixpresubmits by explicitly set python version for rpm based systems (#926) * from version 20260311.00 * Bump osconfig version (#922) * from version 20260309.02 * Extend OSV scalibr extractor (#921) * from version 20260309.01 * upgrade golang.org/x/crypto and it's transitive deps (#918) * from version 20260309.00 * Add purl to pkg info (#920) * from version 20260306.00 * Add 'Type' field to PkgInfo (#919) * from version 20260303.01 * Upgrade go.opentelemetry.io/otel/sdk (#913) * from version 20260303.00 * Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908) * from version 20260302.00 * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906) * from version 20260126.00 * Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905) * Bump github.com/sirupsen/logrus (#894) * Update to version 20260119.00 * Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899) * Update to version 20251230.00 * chore: Migrate gsutil usage to gcloud storage (#904) * from version 20251223.00 * fix e2e tests for report inventory (#903) * from version 20251222.01 * Revert "Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)" (#902) * from version 20251222.00 * Bump golang to the new version (#900) * from version 20251218.00 * add new CODEOWNERS (#901) * from version 20251217.00 * Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882) * Bump the golang compiler version to 1.24.5 * Update to version 20251202.00 * Revert "Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)" (#893) * Update to version 20251201.00 * Revert "Bump github.com/containerd/containerd (#890)" (#892) * Update to version 20251126.00 * Bump github.com/containerd/containerd (#890) * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887) * Update to version 20251028.00 * Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886) * Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880) * from version20251023.02 * Create multiple_os.yaml (#883) * from version 20251023.00 * Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877) * Add test runner for e2e tests (#876) * Update to version 20250925.00 * Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870) * Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874) * Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872) * Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830) * Update to version 20250902.01 * Bump github.com/googleapis/enterprise-certificate-proxy (#829) * from version 20250902.00 * update github.com/go-jose/go-jose/v4 (#869) * Upgrade scalibr and other deps (#866) * from version 20250901.00 * Fix possibility of path traversal for zip and tar archival (#868) * from version 20250825.00 * set CODEOWNERS file as required by org (#863) * from version 20250819.00 * Fix/rhel10 build centos image (#860) * from version 20250814.00 * Fix/rhel10 build image (#859) * from version 20250813.00 * Fix: Add RHEL 10 support to RPM startup script (#858) * from version 20250811.00 * Remove old/sles-15-sp4-sap as image is deprecated (#857) * Update to version 20250806.00 * Fixed JSON identifier for the universe domain (#855) * from version 20250729.00 * Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828) * from version 20250725.02 * Update utils.go (#854) * Upgrade golang.org/x/oauth2 package to the latest. (#853) * Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839) * from version 20250725.01 * Bump golang.org/x/oauth2 (#848) * Port fix for debian 11 to goo package manager. (#852) * from version 20250725.00 * Update Golang version in common.sh and skip backports repo for debian 11 (#850) * from version 20250723.01 * Add workflows to build package for el10 (#849) * from version 20250721.00 * Make OS Config agent TPC aware (#846) * from version 20250718.00 * Create workflows for new Debian 13. (#847) * Update to version 20250703.00 *Fix sles images (#844) * from version 20250702.00 * Remove rhel-sap 8-4 add rhel-sap 8-10 (#843) * from version 20250701.00 * Bump the go_modules group across 1 directory with 2 updates (#840) * Update to version 20250606.00 * Change base docker images Google's official base images. (#838) * Update to version 20250523.01 * Add a simple no-op OS policy for user testing (#837) * from version 20250523.00 * Introduce scalibr inventory extractor for dpkg/rpm/cos os/filesystem extractors (linux) (#834) * Trace GetInstalledPackages memory levels (#835) * from version 20250520.00 * Update to version 20250513.00 * Fix rpm extractor, handle (none) value correctly. (#833) * from version 20250512.01 * Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816) * from version 20250512.00 * Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819) * from version 20250508.01 * cosmetic refactoring to osinfo package (#826) * from version 20250508.00 * Refactor /inventory with dependency injection (#825) * Add debian, ubuntu (InstalledDebPackages) snapshots (#821) * cover packages_linux.go file with tests (#824) * Add debian (10,11,12) GetPackageUpdates output snapshots (#822) * from version 20250507.00 * Add InstalledRPMPackages snapshot tests (#823) * from version 20250506.02 * Yum tests: simplify initialization of exit errors (#820) * from version 20250506.01 * Improve test coverage for gem package manager (#818) * from version 20250506.00 * after go/x/crypto update 0.32.0 -> 0.37.0 (#817) * from version 20250505.01 * Improve packages package coverage (#814) * Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807) * from version 20250505.00 * Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806) * from version 20250430.00 * Snapshot YumUpdates (GetPackageUpdates) output (#813) * from version 20250428.00 * Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output for sles 12, 15 testdata (#812) * from version 20250423.00 *Introduce MatchSnapshot large test results matcher function, snapshot apt- deb GetPackageUpdates (#811) * from version 20250416.02 * defaultSleeper: tolerate 10% difference to reduce test flakiness (#810) * Add output of some packagemanagers to the testdata (#808) * from version 20250416.01 * Refactor OS Info package (#809) * from version 20250416.00 * Report RPM inventory as YUM instead of empty SoftwarePackage when neither Zypper nor YUM are installed. (#805) * from version 20250414.00 * Update hash computation algorithm (#799) * Update to version 20250320.00 * Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 (#797) * from version 20250318.00 * Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 (#793) * from version 20250317.02 * Bump cel.dev/expr from 0.18.0 to 0.22.0 (#792) * Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group (#785) * from version 20250317.01 * Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 (#774) * from version 20250317.00 * Add tests for retryutil package. (#795) * from version 20250306.00 * Update OWNERS (#794) * from version 20250206.01 * Use separate counters for pre- and post-patch reboots. (#788) * from version 20250206.00 * Update owners (#789) * from version 20250203.00 * Fix the vet errors for contants in logging (#786) * from version 20250122.00 * change available package check (#783) * from version 20250121.00 * Fix Inventory reporting e2e tests. (#782) * from version 20250120.00 * fix e2e tests (#781) * Add -buildmode=pie to go build command line (bsc#1239948) * from version 20240501.00 (bsc#1236533, CVE-2023-45288) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-764=1 ## Package List: * SUSE Linux Micro 6.0(aarch64 s390x x86_64) * google-osconfig-agent-20260615.01-1.1 * google-osconfig-agent-debuginfo-20260615.01-1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45288.html * https://www.suse.com/security/cve/CVE-2024-45339.html * https://www.suse.com/security/cve/CVE-2025-22868.html * https://www.suse.com/security/cve/CVE-2025-47911.html * https://www.suse.com/security/cve/CVE-2025-58190.html * https://www.suse.com/security/cve/CVE-2026-33186.html * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-34986.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-39827.html * https://www.suse.com/security/cve/CVE-2026-39828.html * https://www.suse.com/security/cve/CVE-2026-39829.html * https://www.suse.com/security/cve/CVE-2026-39830.html * https://www.suse.com/security/cve/CVE-2026-39831.html * https://www.suse.com/security/cve/CVE-2026-39832.html * https://www.suse.com/security/cve/CVE-2026-39833.html * https://www.suse.com/security/cve/CVE-2026-39834.html * https://www.suse.com/security/cve/CVE-2026-39835.html * https://www.suse.com/security/cve/CVE-2026-41506.html * https://www.suse.com/security/cve/CVE-2026-42508.html * https://www.suse.com/security/cve/CVE-2026-46595.html * https://www.suse.com/security/cve/CVE-2026-46597.html * https://www.suse.com/security/cve/CVE-2026-46598.html * https://bugzilla.suse.com/show_bug.cgi?id=1210938 * https://bugzilla.suse.com/show_bug.cgi?id=1236533 * https://bugzilla.suse.com/show_bug.cgi?id=1239948 * https://bugzilla.suse.com/show_bug.cgi?id=1244304 * https://bugzilla.suse.com/show_bug.cgi?id=1244503 * https://bugzilla.suse.com/show_bug.cgi?id=1251453 * https://bugzilla.suse.com/show_bug.cgi?id=1251704 * https://bugzilla.suse.com/show_bug.cgi?id=1260264 * https://bugzilla.suse.com/show_bug.cgi?id=1262926 * https://bugzilla.suse.com/show_bug.cgi?id=1264923 *https://bugzilla.suse.com/show_bug.cgi?id=1265762 * https://bugzilla.suse.com/show_bug.cgi?id=1266171 * https://bugzilla.suse.com/show_bug.cgi?id=1266603 . A recent SUSE update addresses 23 important vulnerabilities in google-osconfig-agent. Implement updates promptly.. SUSE, google-osconfig-agent, security update, vulnerabilities, important patch. . Severity: Important. LinuxSecurity.com Team
Jun 25, 2026
•Important
SuSE
100
security advisorydenial of servicebuffer overflowSUSE Freeipmi Important Denial of Service Vulnerability 2026-22243-1
An update that solves one vulnerability can now be installed.. # Security update for freeipmi Announcement ID: SUSE-SU-2026:22243-1 Release Date: 2026-06-19T14:13:32Z Rating: important References: * bsc#1267605 Cross-References: * CVE-2026-50031 CVSS scores: * CVE-2026-50031 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50031 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for freeipmi fixes the following issue * CVE-2026-50031: denial of service via buffer overflow in ipmi-oem client (bsc#1267605). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-763=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64) * libfreeipmi17-debuginfo-1.6.11-3.1 * libfreeipmi17-1.6.11-3.1 * freeipmi-debugsource-1.6.11-3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-50031.html * https://bugzilla.suse.com/show_bug.cgi?id=1267605 . Critical update for SUSE Linux Micro solving denial of service risk in freeipmi application. Immediate action recommended!. SUSE Linux Micro, freeipmi security, buffer overflow, denial of service. . Severity: Important. LinuxSecurity.com Team
Jun 25, 2026
•Important
SuSE
100
security advisorydenial of servicebuffer overflowSUSE Linux Micro Freeipmi Important Denial of Service Fix 2026-22246-1
An update that solves one vulnerability can now be installed.. # Security update for freeipmi Announcement ID: SUSE-SU-2026:22246-1 Release Date: 2026-06-18T07:49:35Z Rating: important References: * bsc#1267605 Cross-References: * CVE-2026-50031 CVSS scores: * CVE-2026-50031 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50031 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for freeipmi fixes the following issue * CVE-2026-50031: denial of service via buffer overflow in ipmi-oem client (bsc#1267605). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-584=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64) * libfreeipmi17-debuginfo-1.6.14-slfo.1.1_3.1 * libfreeipmi17-1.6.14-slfo.1.1_3.1 * freeipmi-debugsource-1.6.14-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-50031.html * https://bugzilla.suse.com/show_bug.cgi?id=1267605 . This update addresses important issues with SUSE freeipmi to resolve denial of service threats effectively.. SUSE Linux, freeipmi update, important security patch, buffer overflow fix, denial of service risk. . Severity: Important. LinuxSecurity.com Team
Jun 25, 2026
•Important
SuSE
100
security advisorymoderatebuffer overflowSUSE Linux Micro 6.1 Advisory 2026-22247-1 Crun Moderate Issue Fix
An update that solves one vulnerability can now be installed.. # Security update for crun Announcement ID: SUSE-SU-2026:22247-1 Release Date: 2026-06-22T07:17:05Z Rating: moderate References: * bsc#1268302 Cross-References: * CVE-2026-47766 CVSS scores: * CVE-2026-47766 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for crun fixes the following issue * CVE-2026-47766: crun follows rootfs /dev symlink while creating default devices (bsc#1268302). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-585=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64) * crun-debuginfo-1.15-slfo.1.1_2.1 * crun-1.15-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-47766.html * https://bugzilla.suse.com/show_bug.cgi?id=1268302 . Crun security fix addresses a moderate issue in SUSE Linux Micro 6.1, improving system access management and stability.. SUSE Linux Micro, Crun Update, System Access, Security Fix, SUSE Advisory. . Severity: moderate. LinuxSecurity.com Team
Jun 25, 2026
•moderate
SuSE
100
security advisorySuSEDoSSUSE Libarchive Important Fix DoS Information Disclosure 2026-22248-1
An update that solves five vulnerabilities can now be installed.. # Security update for libarchive Announcement ID: SUSE-SU-2026:22248-1 Release Date: 2026-06-22T09:08:13Z Rating: important References: * bsc#1253088 * bsc#1259635 * bsc#1259928 * bsc#1259931 * bsc#1261186 Cross-References: * CVE-2025-60753 * CVE-2026-4111 * CVE-2026-4424 * CVE-2026-4426 * CVE-2026-5121 CVSS scores: * CVE-2025-60753 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-4111 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4111 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4111 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4426 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5121 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues * CVE-2025-60753: bsdtar hangs and OOMs with zero-length patternmatches (bsc#1253088). * CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half- window output limiter leads to infinite loop and DoS (bsc#1259635). * CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing (bsc#1259928). * CVE-2026-4426: undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code (bsc#1259931). * CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660 image processing (bsc#1261186). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-586=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64) * libarchive13-debuginfo-3.7.4-slfo.1.1_4.1 * libarchive-debugsource-3.7.4-slfo.1.1_4.1 * libarchive13-3.7.4-slfo.1.1_4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-60753.html * https://www.suse.com/security/cve/CVE-2026-4111.html * https://www.suse.com/security/cve/CVE-2026-4424.html * https://www.suse.com/security/cve/CVE-2026-4426.html * https://www.suse.com/security/cve/CVE-2026-5121.html * https://bugzilla.suse.com/show_bug.cgi?id=1253088 * https://bugzilla.suse.com/show_bug.cgi?id=1259635 * https://bugzilla.suse.com/show_bug.cgi?id=1259928 * https://bugzilla.suse.com/show_bug.cgi?id=1259931 * https://bugzilla.suse.com/show_bug.cgi?id=1261186 . An important security update for SUSE addressing multiple vulnerabilities in libarchive including DoS and information disclosure issues.. SUSE security update, libarchive vulnerabilities, SUSE Linux Micro patch, libarchive security advisory, important SUSE update. . Severity: Important. LinuxSecurity.com Team
Jun 25, 2026
•Important
SuSE
100
security advisorydenial of serviceSuSESUSE google-osconfig-agent Important Denial of Service Vuln 2026-22249-1
An update that solves 22 vulnerabilities can now be installed.. # Security update for google-osconfig-agent Announcement ID: SUSE-SU-2026:22249-1 Release Date: 2026-06-22T09:08:13Z Rating: important References: * bsc#1210938 * bsc#1251453 * bsc#1251704 * bsc#1260264 * bsc#1262926 * bsc#1264923 * bsc#1265762 * bsc#1266171 * bsc#1266603 Cross-References: * CVE-2023-45288 * CVE-2025-22868 * CVE-2025-47911 * CVE-2025-58190 * CVE-2026-33186 * CVE-2026-33814 * CVE-2026-34986 * CVE-2026-39821 * CVE-2026-39827 * CVE-2026-39828 * CVE-2026-39829 * CVE-2026-39830 * CVE-2026-39831 * CVE-2026-39832 * CVE-2026-39833 * CVE-2026-39834 * CVE-2026-39835 * CVE-2026-41506 * CVE-2026-42508 * CVE-2026-46595 * CVE-2026-46597 * CVE-2026-46598 CVSS scores: * CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-45288 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47911 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47911 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58190 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58190 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-41506 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-41506 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-41506 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-41506 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N * CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N *CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.1 An update that solves 22 vulnerabilities can now be installed. ## Description: This update for google-osconfig-agent fixes the following issues * CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. * CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (bsc#1251453). * CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251704). * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header (bsc#1260264). * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265762). * CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262926). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266603). * CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39829:Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266171). * CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171). * CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266171). * CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171). * CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171). * CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during smart-HTTP clone and fetch operations (bsc#1264923). Changes for google-osconfig-agent: * Update to version 20260615.01 * Upgrade golang.org/x/crypto & golang.org/x/net (#1006) * from version 20260615.00 * Add unit tests for ospatch_apt_upgrade.go (#938) * Update to version 20260611.00 * Add unit tests for policies/policies.go PART 5 (#998) * from version 20260610.00 * Add unit tests for policies/policies.go PART 4 (#997) * from version 20260609.02 * squash commits (#936) * from version 20260609.01 * Add unit tests for policies/policies.go PART 3(#996) * from version 20260609.00 * Add unit tests for policies/policies.go PART 2 (#991) * from version 20260602.01 * Align format of dates and timestamp collected across Windows packages (#973) * from version 20260602.00 * Add unit tests for config/config,go (#979) * from version 20260528.00 * Bump github.com/containerd/containerd (#990) * from version 20260521.00 * Cover agentconfig functionality by unit tests (#925) * from version 20260520.04 * Add unit tests for policies/googet.go (#961) * Bump github.com/go-git/go-git/v5 (#987) * from version 20260520.02 * Add unit tests for policies/yum.go (#952) * Add unit tests for policies/apt.go PART 3 (#951) * from version 20260520.00 * Add unit tests for policies/zypper.go (#953) * from version 20260519.00 * Add unit tests for policies/policies.go PART 1 (#949) * from version 20260513.01 * Bump github.com/go-git/go-git/v5 (#981), this also updates golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814) * from version 20260513.00 * upgrade a few packages (#980) * from version 20260512.02 * Add/improve unit tests for agentendpoint/exec_task.go (#933) * from version 20260512.01 * Cover google_update.go by unit tests (#941) * from version 20260512.00 * Change zone for arm64 builds because of stockout (#978) * Update to version 20260511.00 * switch to t2a-standard-2 on ARM package build (#977) * from version 20260505.03 * Cover zypper_patch by unit tests (#958) * from version 20260505.02 * Remove unused functions DisableAutoUpdates (#970) * from version 20260505.01 * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966) * from version 20260505.00 * Upgrade a few dependencies across the repo (#968) * github.com/go-git/go-git/v5 5.16.2-> 5.18.0 (bsc#1264923, CVE-2026-41506) * github.com/go-jose/go-jose/v4 4.1.3-> 4.1.4 (bsc#1262926, CVE-2026-34986) * github.com/go-viper/mapstructure/v2 2.3.0-> 2.4.0 * go.opentelemetry.io/otel 1.40.0->1.41.0 * go.opentelemetry.io/otel/sdk 1.39.0-> 1.43.0 * from version 20260504.01 * bump github.com/docker/cli to 29.2.0 (#962) * from version 20260504.00 * Bump github.com/opencontainers/selinux (#960) * Update to version 20260428.00 * Add/improve unit tests for agentendpoint/agentendpoint.go (#930) * from version 20260427.03 * Cover config/file.go by unit tests (#935) * from version 20260422.01 * Cover patch_linux.go by unit tests (#932) * from version 20260422.00 * upgrade grpc package in main package and e2e tests (#959) (bsc#1260264, CVE-2026-33186) * from version 20260417.04 * Bump OSV-Scalibr version to v0.4.3 (#956) * from version 20260417.03 * Add unit tests for updates_linux.go (#937) * from version 20260417.02 * Add zone to CreateDisk step (#955) * from version 20260417.01 * Change disk type for deb11 (#954) * from version 20260417.00 * Add unit tests for policies/apt.go PART 1 (#950) * from version 20260410.02 * Add unit tests for packages/pty_linux.go (#943) * from version 20260410.01 * fix disk type for arm workflows (#948) * from version 20260410.00 * Change machine type for arm based workflows (#946) * Update to version 20260330.00 * bump timeouts for all workflows (#940) * from version 20260326.00 * Cover exec_resource.go by unit tests (#934) * from version 20260318.00 * Integrate OSConfig agent with ReportVmInventory (#923) * from version 20260313.02 * remove cacheonly flag from yum upgrade (#924) * from version 20260313.01 * conditions python version override (#927) * from version 20260313.00 * Fix presubmits by explicitly set python version for rpm based systems (#926) * from version 20260311.00 * Bump osconfig version (#922) * from version 20260309.02 * Extend OSV scalibr extractor (#921) * from version 20260309.01 * upgrade golang.org/x/crypto and it's transitive deps (#918) * from version 20260309.00 * Add purl to pkg info (#920) * from version 20260306.00 * Add 'Type' field to PkgInfo(#919) * from version 20260303.01 * Upgrade go.opentelemetry.io/otel/sdk (#913) * from version 20260303.00 * Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908) * from version 20260302.00 * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906) * from version 20260126.00 * Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905) * Bump github.com/sirupsen/logrus (#894) * Update to version 20260119.00 * Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899) * Update to version 20251230.00 * chore: Migrate gsutil usage to gcloud storage (#904) * from version 20251223.00 * fix e2e tests for report inventory (#903) * from version 20251222.01 * Revert "Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)" (#902) * from version 20251222.00 * Bump golang to the new version (#900) * from version 20251218.00 * add new CODEOWNERS (#901) * from version 20251217.00 * Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882) * Bump the golang compiler version to 1.24.5 * Update to version 20251202.00 * Revert "Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)" (#893) * Update to version 20251201.00 * Revert "Bump github.com/containerd/containerd (#890)" (#892) * Update to version 20251126.00 * Bump github.com/containerd/containerd (#890) * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887) * Update to version 20251028.00 * Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886) * Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880) * from version 20251023.02 * Create multiple_os.yaml (#883) * from version 20251023.00 * Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877) * Add test runner for e2e tests (#876) * Update to version 20250925.00 * Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870) * Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874) * Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872) * Bumpgithub.com/golang/glog from 1.2.4 to 1.2.5 (#830) * Update to version 20250902.01 * Bump github.com/googleapis/enterprise-certificate-proxy (#829) * from version 20250902.00 * update github.com/go-jose/go-jose/v4 (#869) * Upgrade scalibr and other deps (#866) * from version 20250901.00 * Fix possibility of path traversal for zip and tar archival (#868) * from version 20250825.00 * set CODEOWNERS file as required by org (#863) * from version 20250819.00 * Fix/rhel10 build centos image (#860) * from version 20250814.00 * Fix/rhel10 build image (#859) * from version 20250813.00 * Fix: Add RHEL 10 support to RPM startup script (#858) * from version 20250811.00 * Remove old/sles-15-sp4-sap as image is deprecated (#857) * Update to version 20250806.00 * Fixed JSON identifier for the universe domain (#855) * from version 20250729.00 * Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828) * from version 20250725.02 * Update utils.go (#854) * Upgrade golang.org/x/oauth2 package to the latest. (#853) * Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839) * from version 20250725.01 * Bump golang.org/x/oauth2 (#848) * Port fix for debian 11 to goo package manager. (#852) * from version 20250725.00 * Update Golang version in common.sh and skip backports repo for debian 11 (#850) * from version 20250723.01 * Add workflows to build package for el10 (#849) * from version 20250721.00 * Make OS Config agent TPC aware (#846) * from version 20250718.00 * Create workflows for new Debian 13. (#847) * Update to version 20250703.00 * Fix sles images (#844) * from version 20250702.00 * Remove rhel-sap 8-4 add rhel-sap 8-10 (#843) * from version 20250701.00 * Bump the go_modules group across 1 directory with 2 updates (#840) * Update to version 20250606.00 * Change base docker images Google's official base images. (#838) * Update to version 20250523.01 * Add a simple no-op OS policy for user testing (#837) * from version 20250523.00 *Introduce scalibr inventory extractor for dpkg/rpm/cos os/filesystem extractors (linux) (#834) * Trace GetInstalledPackages memory levels (#835) * from version 20250520.00 * Update to version 20250513.00 * Fix rpm extractor, handle (none) value correctly. (#833) * from version 20250512.01 * Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816) * from version 20250512.00 * Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819) * from version 20250508.01 * cosmetic refactoring to osinfo package (#826) * from version 20250508.00 * Refactor /inventory with dependency injection (#825) * Add debian, ubuntu (InstalledDebPackages) snapshots (#821) * cover packages_linux.go file with tests (#824) * Add debian (10,11,12) GetPackageUpdates output snapshots (#822) * from version 20250507.00 * Add InstalledRPMPackages snapshot tests (#823) * from version 20250506.02 * Yum tests: simplify initialization of exit errors (#820) * from version 20250506.01 * Improve test coverage for gem package manager (#818) * from version 20250506.00 * after go/x/crypto update 0.32.0 -> 0.37.0 (#817) * from version 20250505.01 * Improve packages package coverage (#814) * Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807) * from version 20250505.00 * Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806) * from version 20250430.00 * Snapshot YumUpdates (GetPackageUpdates) output (#813) * from version 20250428.00 * Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output for sles 12, 15 testdata (#812) * from version 20250423.00 * Introduce MatchSnapshot large test results matcher function, snapshot apt- deb GetPackageUpdates (#811) * from version 20250416.02 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-587=1 ##Package List: * SUSE Linux Micro 6.1 (aarch64) * google-osconfig-agent-20260615.01-slfo.1.1_1.1 * google-osconfig-agent-debuginfo-20260615.01-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45288.html * https://www.suse.com/security/cve/CVE-2025-22868.html * https://www.suse.com/security/cve/CVE-2025-47911.html * https://www.suse.com/security/cve/CVE-2025-58190.html * https://www.suse.com/security/cve/CVE-2026-33186.html * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-34986.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-39827.html * https://www.suse.com/security/cve/CVE-2026-39828.html * https://www.suse.com/security/cve/CVE-2026-39829.html * https://www.suse.com/security/cve/CVE-2026-39830.html * https://www.suse.com/security/cve/CVE-2026-39831.html * https://www.suse.com/security/cve/CVE-2026-39832.html * https://www.suse.com/security/cve/CVE-2026-39833.html * https://www.suse.com/security/cve/CVE-2026-39834.html * https://www.suse.com/security/cve/CVE-2026-39835.html * https://www.suse.com/security/cve/CVE-2026-41506.html * https://www.suse.com/security/cve/CVE-2026-42508.html * https://www.suse.com/security/cve/CVE-2026-46595.html * https://www.suse.com/security/cve/CVE-2026-46597.html * https://www.suse.com/security/cve/CVE-2026-46598.html * https://bugzilla.suse.com/show_bug.cgi?id=1210938 * https://bugzilla.suse.com/show_bug.cgi?id=1251453 * https://bugzilla.suse.com/show_bug.cgi?id=1251704 * https://bugzilla.suse.com/show_bug.cgi?id=1260264 * https://bugzilla.suse.com/show_bug.cgi?id=1262926 * https://bugzilla.suse.com/show_bug.cgi?id=1264923 * https://bugzilla.suse.com/show_bug.cgi?id=1265762 * https://bugzilla.suse.com/show_bug.cgi?id=1266171 * https://bugzilla.suse.com/show_bug.cgi?id=1266603 . Update resolves 22 critical issues in google-osconfig-agent for SUSE Linux Micro 6.1, enhancingsecurity and stability.. SUSE Linux Micro 6.1, google-osconfig-agent, important patch, security update. . Severity: Important. LinuxSecurity.com Team
Jun 25, 2026
•Important
SuSE
89
security advisoryunauthorized accessfedoraFedora 43 Goose Critical DNS Rebinding Threat Fix 2026-08bb036c3e
Update goose to 1.36.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-08bb036c3e 2026-06-25 16:24:07.917328+00:00 -------------------------------------------------------------------------------- Name : goose Product : Fedora 43 Version : 1.36.0 Release : 1.fc43 URL : https://github.com/block/goose Summary : Extensible AI agent client Description : Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously. Whether you're prototyping an idea, refining existing code, or managing intricate engineering pipelines, goose adapts to your workflow and executes tasks with precision. Designed for maximum flexibility, goose works with any LLM and supports multi-model configuration to optimize performance and cost, seamlessly integrates with MCP servers, and is available as both a desktop app as well as CLI - making it the ultimate AI assistant for developers who want to move faster and focus on innovation. -------------------------------------------------------------------------------- Update Information: Update goose to 1.36.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 17 2026 Sam Doran - 1.36.0-1 - Update goose to 1.36.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2477786 - CVE-2026-42559 goose: rmcp: Unauthorized access to MCP server via DNS rebinding vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477786 [ 2 ] Bug #2477787 - CVE-2026-42559 goose: rmcp: Unauthorized access to MCP server via DNS rebinding vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477787 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-08bb036c3e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 25, 2026
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
Does sandboxing completely stop hackers?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!