High7.5Red Hat & Ubuntu Linux
Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
CVE-2026-32283 Published Apr 8, 2026
CVE-2026-32283
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages. Red Hat rates this important (CVSS 7.5). Weakness: CWE-764. Affected package(s): rhc, grafana-pcp, skopeo, host-metering, container-tools:rhel8, git-lfs. Resolved in Red Hat advisory RHSA-2026:11507 — update the affected packages (`sudo dnf update`).
Affected versions
- rhc-1:0.2.5-7.el8_10
- grafana-pcp-0:5.1.1-14.el9_7
- grafana-pcp-0:5.1.1-14.el9_6
- skopeo-2:1.22.2-2.el10_2
- host-metering-0:1.4.0-7.el7_9
- container-tools:rhel8-8060020260515174849.ad008a3a
- git-lfs-0:3.4.1-10.el8_10
- buildah-2:1.43.1-2.el9_8
- yggdrasil-worker-forwarder-0:0.0.3-5.el9sat
- git-lfs-0:3.7.1-4.el9_8
- git-lfs-0:3.6.1-2.el9_6.4
- etcd-0:3.4.26-9.5.el9ost
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Fixed versions
- RHSA-2026:11507
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Update the affected package(s) to the fixed version shipped in RHSA-2026:11507 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.