
Fix issues related to MSRC case #110341; update packages per CVE-2026-33186#3422

Open

adreed-msft wants to merge 9 commits into main from adreed/10.32.3

Conversation

@adreed-msft
Member

Description

  • Related Links:
      • ICM # 31000000567327
      • Internal customer report via Teams about Trivy reporting the vulnerable package.

Type of Change

  • Bug fix
  • New feature
  • Documentation update required
  • Code quality improvement
  • Other (describe): Update packages to align with CVE-2026-33186

How Has This Been Tested?

TestMaliciousRelativeSDDLCrashPrevented in sddl/sddlHelper_linux_test.go

Contributor

Copilot AI left a comment


Pull request overview

Addresses MSRC case #110341 / CVE-2026-33186 by hardening Linux SDDL parsing/validation to prevent crashes from maliciously crafted relative security descriptors, and updates several Go dependencies accordingly.

Changes:

  • Add uint32 overflow-safe range validation during Linux SDDL parsing to prevent crashes on malformed descriptors.
  • Replace panic paths in Linux local SDDL retrieval with returned errors.
  • Bump multiple golang.org/x/* and gRPC-related dependencies; add a Linux regression test and update changelog.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.

Summary per file

  • ste/sourceInfoProvider-Local_linux.go: Returns errors instead of panicking when SDDL parsing/sanity checks fail.
  • sddl/sddlHelper_linux.go: Adds overflow-safe range checks for offsets/lengths when validating/parsing relative security descriptors.
  • sddl/sddlHelper_linux_test.go: Adds a Linux regression test ensuring malicious offsets don't crash validation/parsing.
  • go.mod: Updates vulnerable/transitive dependency versions.
  • go.sum: Records module checksum updates for dependency bumps.
  • build-1es-pipeline.yaml: Enables the disableNetworkIsolation feature flag for the official 1ES pipeline template.
  • ChangeLog.md: Documents dependency updates and the Linux SDDL crash fix under 10.32.3.
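The review summary above describes the core of the fix: range checks on offsets and lengths in a relative security descriptor that cannot wrap around in uint32, with errors returned instead of panics. The following is an added illustration of that pattern, not code from this pull request or from the AzCopy repository. It assumes the standard on-disk layouts of SECURITY_DESCRIPTOR_RELATIVE (20-byte header with four little-endian uint32 offsets), a SID (8-byte header plus 4 bytes per sub-authority) and an ACL (8-byte header carrying AclSize); the function names (fits, unsafeFits, sidSize, aclSize, ValidateRelativeSD) and the two constructed descriptors are hypothetical and exist only for this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Fixed header of a relative security descriptor: Revision(1) Sbz1(1)
// Control(2), then little-endian uint32 offsets for Owner, Group, Sacl, Dacl.
const (
	sdHeaderLen  = 20
	ownerOff     = 4
	groupOff     = 8
	saclOff      = 12
	daclOff      = 16
	aclHeaderLen = 8 // AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2)
	sidHeaderLen = 8 // Revision(1) SubAuthorityCount(1) IdentifierAuthority(6)
)

var ErrOutOfRange = errors.New("sddl: offset/length outside descriptor buffer")

// unsafeFits is the overflow-prone comparison: offset+length wraps in uint32,
// so an offset near MaxUint32 passes and a later slice expression panics.
func unsafeFits(bufLen, offset, length uint32) bool {
	return offset+length <= bufLen
}

// fits is the overflow-safe form: never add two untrusted values. Once
// offset <= bufLen holds, bufLen-offset cannot wrap, so the check is exact.
func fits(bufLen, offset, length uint32) bool {
	return offset <= bufLen && length <= bufLen-offset
}

// sidSize validates the SID at offset (header and sub-authority array) and
// returns its encoded size.
func sidSize(buf []byte, offset uint32) (uint32, error) {
	bufLen := uint32(len(buf))
	if !fits(bufLen, offset, sidHeaderLen) {
		return 0, ErrOutOfRange
	}
	subAuth := uint32(buf[offset+1]) // at most 255, so 8+4*n cannot overflow
	size := sidHeaderLen + 4*subAuth
	if !fits(bufLen, offset, size) {
		return 0, ErrOutOfRange
	}
	return size, nil
}

// aclSize validates the ACL at offset and returns its self-declared AclSize,
// which must cover at least the ACL header and lie entirely inside buf.
func aclSize(buf []byte, offset uint32) (uint32, error) {
	bufLen := uint32(len(buf))
	if !fits(bufLen, offset, aclHeaderLen) {
		return 0, ErrOutOfRange
	}
	size := uint32(binary.LittleEndian.Uint16(buf[offset+2:]))
	if size < aclHeaderLen || !fits(bufLen, offset, size) {
		return 0, ErrOutOfRange
	}
	return size, nil
}

// ValidateRelativeSD checks every non-zero header offset and returns an error
// for malformed input instead of letting later parsing panic.
func ValidateRelativeSD(buf []byte) error {
	if uint64(len(buf)) > math.MaxUint32 || len(buf) < sdHeaderLen {
		return ErrOutOfRange
	}
	for _, p := range []uint32{ownerOff, groupOff} {
		if off := binary.LittleEndian.Uint32(buf[p:]); off != 0 {
			if _, err := sidSize(buf, off); err != nil {
				return fmt.Errorf("sid at header offset %d: %w", p, err)
			}
		}
	}
	for _, p := range []uint32{saclOff, daclOff} {
		if off := binary.LittleEndian.Uint32(buf[p:]); off != 0 {
			if _, err := aclSize(buf, off); err != nil {
				return fmt.Errorf("acl at header offset %d: %w", p, err)
			}
		}
	}
	return nil
}

// goodSD is a constructed, well-formed 40-byte descriptor: header, a
// one-sub-authority owner SID at offset 20, and an empty DACL at offset 32.
func goodSD() []byte {
	buf := make([]byte, 40)
	buf[0] = 1 // descriptor revision
	binary.LittleEndian.PutUint32(buf[ownerOff:], 20)
	binary.LittleEndian.PutUint32(buf[daclOff:], 32)
	buf[20], buf[21] = 1, 1 // SID revision, one sub-authority
	buf[32] = 2             // ACL revision
	binary.LittleEndian.PutUint16(buf[34:], aclHeaderLen)
	return buf
}

// badSD is goodSD with a constructed owner offset near MaxUint32: offset+8
// wraps to 4, so the naive check accepts it while the safe check rejects it.
func badSD() []byte {
	buf := goodSD()
	binary.LittleEndian.PutUint32(buf[ownerOff:], 0xFFFFFFFC)
	return buf
}

func main() {
	fmt.Println("naive check accepts wrapped offset:", unsafeFits(40, 0xFFFFFFFC, sidHeaderLen))
	fmt.Println("safe check accepts wrapped offset: ", fits(40, 0xFFFFFFFC, sidHeaderLen))
	fmt.Println("good descriptor:", ValidateRelativeSD(goodSD()))
	fmt.Println("bad descriptor: ", ValidateRelativeSD(badSD()))
}
```

The design point is that validation touches untrusted offsets only through comparisons against the buffer length, never through an addition whose result is then compared; the subtraction form makes wrap-around impossible once the first comparison has passed, and every failure surfaces as a returned error that the caller can log or report rather than as a crash of the transfer process.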



4 participants