{"id":"CLSA-2026-1772575666","summary":"containernetworking-plugins: Fix of 3 CVEs","details":"- rebuild with newer golang version 1.22.9-1.el9_2.tuxcare.els6 to fix the following CVE\n  - CVE-2025-61729: fix excessive resource consumption when constructing hostname\n    error messages for certificates with many SANs\n  - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory\n    consumption during form parsing\n  - CVE-2025-68121: fix TLS session resumption bypass by preventing shared\n    auto-rotated ticket keys in Config and validating full certificate chain expiry","modified":"2026-06-01T00:31:56.643063687Z","published":"2026-05-06T09:14:32Z","upstream":["CVE-2025-61729","CVE-2025-61726","CVE-2025-68121"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2026-1772575666.html"}],"affected":[{"package":{"name":"containernetworking-plugins","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/containernetworking-plugins?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.2.0-1.el9.tuxcare.els3"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1772575666.json"}}],"schema_version":"1.7.5"}