openSUSE mcphost Important Security Update DoS Issues 2026-21120-1
opensuse
June 30, 2026
An update that solves 20 vulnerabilities and has 4 bug fixes can now be installed.
Description
This update for mcphost fixes the following issues
- CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues
when parsing HTML files (bsc#1267109).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265730).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266572).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266145).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266145).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266145).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266145).
- CVE-2026-39831:...
Read the Full Advisory
Topics Covered
Patch
Package List
- openSUSE Leap 16.0:
mcphost-0.34.0-160000.2.1
mcphost-bash-completion-0.34.0-160000.2.1
mcphost-fish-completion-0.34.0-160000.2.1
mcphost-zsh-completion-0.34.0-160000.2.1
References
* bsc#1265730
* bsc#1266145
* bsc#1266572
* bsc#1267109
References:
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
*...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2026:21120-1
Rating: important
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!