Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE Podman Important DoS Issues Fixed 2026-21244-1

opensuse
Calendar Grey July 8, 2026
Dist Opensuse Esm H88
This security update resolves 20 issues in podman on openSUSE, ensuring system integrity and performance. Recommended action: update.
An update that solves 20 vulnerabilities and has 2 bug fixes can now be installed.

Description

This update for podman fixes the following issues

- CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing

encrypted key can lead to a denial of service (bsc#1262856).

- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266125).

- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266125).

- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266125).

- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

(bsc#1266125).

- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

(bsc#1266125).

- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

(bsc#1266125).

- CVE-2026-39833: Invoking key constraints not enforced...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

podman-5.4.2-160000.5.1

podman-docker-5.4.2-160000.5.1

podman-remote-5.4.2-160000.5.1

podmansh-5.4.2-160000.5.1

References

* bsc#1262856

* bsc#1266125

References:

* https://www.suse.com/security/cve/CVE-2025-22869.html

* https://www.suse.com/security/cve/CVE-2025-47913.html

* https://www.suse.com/security/cve/CVE-2025-47914.html

* https://www.suse.com/security/cve/CVE-2025-52881.html

* https://www.suse.com/security/cve/CVE-2025-6032.html

* https://www.suse.com/security/cve/CVE-2025-9566.html

* https://www.suse.com/security/cve/CVE-2026-34986.html

* https://www.suse.com/security/cve/CVE-2026-39827.html

* https://www.suse.com/security/cve/CVE-2026-39828.html

* https://www.suse.com/security/cve/CVE-2026-39829.html

* https://www.suse.com/security/cve/CVE-2026-39830.html

* https://www.suse.com/security/cve/CVE-2026-39831.html

* https://www.suse.com/security/cve/CVE-2026-39832.html

* https://www.suse.com/security/cve/CVE-2026-39833.html

* https://www.suse.com/security/cve/CVE-2026-39834.html

* https://www.suse.com/security/cve/CVE-2026-39835.html

* https://www.suse.com/security/cve/CVE-2026-42508.html

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21244-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.