Go crypto/x509: Denial of Service via inefficient certificate chain validation
Summary
Go crypto/x509: Denial of Service via inefficient certificate chain validation. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-1050. Affected package(s): grafana-pcp, skopeo, host-metering, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753, openshift-service-mesh/kiali-rhel9:1779520708, quay/quay-rhel9:1779922205. Resolved in Red Hat advisory RHSA-2026:10217 — update the affected packages (`sudo dnf update`).
- grafana-pcp-0:5.1.1-14.el9_6
- skopeo-2:1.22.2-2.el10_2
- host-metering-0:1.4.0-7.el7_9
- multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753
- openshift-service-mesh/kiali-rhel9:1779520708
- quay/quay-rhel9:1779922205
- quay/quay-rhel8:1779822261
- buildah-2:1.43.1-2.el9_8
- openshift-logging/logging-loki-rhel9:1781193075
- yggdrasil-worker-forwarder-0:0.0.3-5.el9sat
- custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9:1780101236
- compliance/openshift-compliance-operator-bundle:1781605005
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
- RHSA-2026:10217
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:10217 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.