This update for amazon-ecs-init fixes the following issues:
Update to version 1.103.2:
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265843).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266652).
Changes:
* Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/fsx from
1.53.1 to 1.65.10 in /agent (#4966)
* Enhancement - Add semgrep security scan for command injection (#4959)
* Enhancement - Bump golang.org/x/tools from 0.39.0 to 0.45.0 in
/ecs-agent (#4965), also updates x/net to 0.54.0 (bsc#1266652, CVE-2026-39821)
* Enhancement - Add integration test for credential refresher (#4961)
* Enhancement - Bump golang.org/x/tools from 0.42.0 to 0.45.0 in /agent (#4873)
* Enhancement - Update Go version to 1.25.10 (#4960)
* Enhancement - Bump go.etcd.io/bbolt from 1.3.9 to 1.4.3 in /ecs-agent...
- openSUSE Leap 16.0:
amazon-ecs-init-1.103.2-160000.1.1
* bsc#1265843
* bsc#1266652
References:
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39821.html