CLSA-2026-1772448804

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772448804.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1772448804
Upstream
Published
2026-03-02T10:53:28Z
Modified
2026-06-01T00:32:41.765282112Z
Summary
grafana-pcp: Fix of 3 CVEs
Details
  • Rebuild against recent Go compiler
  • CVE-2025-61726: fix net/url excessive memory consumption when parsing large forms with many unique query parameters
  • CVE-2025-61729: fix crypto/x509 certificate verification allowing excessive resource consumption via HostnameError.Error()
  • CVE-2025-68121: fix crypto/tls session resumption succeeding when it should fail due to mutated ClientCAs or RootCAs between handshakes
References

Affected packages

TuxCare:AlmaLinux:9.6 / grafana-pcp

Package

Name
grafana-pcp
Purl
pkg:rpm/tuxcare/grafana-pcp?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.1-11.el9_6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772448804.json"