This update for google-osconfig-agent fixes the following issues
- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers.
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
(bsc#1251453).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251704).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260264).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265762).
- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262926).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege...
Read the Full Advisory- openSUSE Leap 16.0:
google-osconfig-agent-20260615.01-160000.1.1
* bsc#1210938
* bsc#1251453
* bsc#1251704
* bsc#1260264
* bsc#1262926
* bsc#1264923
* bsc#1265762
* bsc#1266171
* bsc#1266603
References:
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2025-22868.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
*...
Read the Full AdvisoryGet the latest Linux and open source security news straight to your inbox.