Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.6
🔗 CVE IDs covered (10)
📋 Description
CVE-2026-25681 — golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting CVE-2026-32285 — github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation CVE-2026-33811 — net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME CVE-2026-33813 — golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing CVE-2026-34986 — github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object CVE-2026-39820 — net/mail: golang: Go net/mail: Denial of Service via crafted email inputs CVE-2026-39821 — golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-42154 — github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42499 — net/mail: golang: net/mail: Denial of Service via pathological email address parsing
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2026:34364
- externalhttps://access.redhat.com/security/cve/CVE-2026-25681
- externalhttps://access.redhat.com/security/cve/CVE-2026-32285
- externalhttps://access.redhat.com/security/cve/CVE-2026-33186
- externalhttps://access.redhat.com/security/cve/CVE-2026-33811
- externalhttps://access.redhat.com/security/cve/CVE-2026-33813
- externalhttps://access.redhat.com/security/cve/CVE-2026-34986
- externalhttps://access.redhat.com/security/cve/CVE-2026-39820
- externalhttps://access.redhat.com/security/cve/CVE-2026-39821
- externalhttps://access.redhat.com/security/cve/CVE-2026-42154
- externalhttps://access.redhat.com/security/cve/CVE-2026-42499
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34364.json