Important: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. ...

RHEL 8 : go-toolset:rhel8 (RHSA-2026:7876)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7876 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...

golang security update

An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

RockyLinux 8 : go-toolset:rhel8 (RLSA-2026:6949)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6949 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...

RockyLinux 9 : golang (RLSA-2026:5942)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:5942 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.9

Red Hat OpenShift Service Mesh 3.0.9 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.0....

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 10 : golang (RHSA-2026:5943)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5943 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2026-3207 (ALAS-2026-3207)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3883.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3207 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected...

ROOT-OS-DEBIAN-13-CVE-2025-61731 CVE-2025-61731 in rootio-golang-1.24 - Patched by Root

Root has patched CVE-2025-61731 in the rootio-golang-1.24 package for Root:Debian:13. Multiple fixed versions available...

openSUSE 16 Security Update : go1.25-openssl (openSUSE-SU-2026:20301-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20301-1 advisory. - Update to version 1.25.7 jscSLE-18320 - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level...

OPENSUSE-SU-2026:20308-1 Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc1251255 - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. bsc1251253 -...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.14

Red Hat OpenShift Service Mesh 2.6.14 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

Medium: amazon-ecr-credential-helper

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Low: amazon-cloudwatch-agent

Issue Overview: No CVE associated with this advisory Affected Packages: amazon-cloudwatch-agent Issue Correction: Run dnf update amazon-cloudwatch-agent --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1442 --releasever 2023.10.20260216 to update your system. More information ...

Mageia: Security Advisory (MGASA-2026-0035)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1405)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1405 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2026-095 (ALASECS-2026-095)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-095 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service whe...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1381)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1381 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2026-1389)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1389 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...