Security update for google-guest-agent SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20483-1 Final 1 1 2026-02-17T09:37:33Z current 2026-02-17T09:37:33Z 2026-02-17T09:37:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for google-guest-agent This update for google-guest-agent fixes the following issues: - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-400 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620483-1/ Link for SUSE-SU-2026:20483-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024487.html E-Mail link for SUSE-SU-2026:20483-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236533 SUSE Bug 1236533 https://www.suse.com/security/cve/CVE-2023-45288/ SUSE CVE CVE-2023-45288 page SUSE Linux Micro 6.1 google-guest-agent-20250116.00-slfo.1.1_2.1 google-guest-agent-20250116.00-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. CVE-2023-45288 SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620483-1/ https://www.suse.com/security/cve/CVE-2023-45288.html CVE-2023-45288 https://bugzilla.suse.com/1221400 SUSE Bug 1221400