Incorrect enforcement of email constraints in crypto/x509
Summary
Incorrect enforcement of email constraints in crypto/x509. Red Hat rates this important (CVSS 7.5). Weakness: CWE-295. Affected package(s): rhc-worker-playbook, golang1, golang, openshift-gitops, rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator:1.0.2, delve. Resolved in Red Hat advisory RHSA-2026:28047 — update the affected packages (`sudo dnf update`).
- rhc-worker-playbook-0:0.2.3-4.el10_1
- golang1-26-main-1.26.2-1.hum1
- golang-0:1.26.2-1.el9_8
- openshift-gitops-1/dex-rhel9:1776773421
- rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator:1.0.2-1776288486
- delve-0:1.25.2-3.el10_1
- multicluster-globalhub/multicluster-globalhub-agent-rhel9:1773650627
- openshift-gitops-1/dex-rhel8:1776755965
- devworkspace/devworkspace-rhel9-operator:1776457293
- openshift-builds/openshift-builds-waiters-rhel9:1774334066
- web-terminal/web-terminal-exec-rhel9:1776197785
- web-terminal/web-terminal-exec-rhel9:1775672762
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- RHSA-2026:28047
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:28047 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.