44 matches found

Rockylinux
added 2 days ago | 9 views

image-builder security update

An update is available for image-builder. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A local binary for building customized OS artifacts such as VM images a...

10 CVSS | 6.7 AI score | 0.00045 EPSS
Exploits 2
RedHat Linux
added 4 days ago | 6 views

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

7.5 CVSS | 5.9 AI score | 0.00021 EPSS
Exploits 0 | References 3
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in golang-1.19, golang-1.23

Canceling a query (for example, by canceling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can lead to unexpected results if other queries are being executed in parallel. This can cause a race condition, which may overwrite the expected result...

7 CVSS | 6.6 AI score | 0.00073 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/05/19 12:0 a.m. | 9 views

RHEL 9 : grafana-pcp (RHSA-2026:19351)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19351 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

7.5 CVSS | 7.3 AI score | 0.00019 EPSS
Exploits 0 | References 6
Redos
added 2026/05/07 12:0 a.m. | 3 views

ROS-20260507-73-0012

Vulnerability in golang related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0
CNNVD
added 2026/05/07 12:0 a.m. | 5 views

Google Go security vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go; this vulnerability arises from parsing email addresses according to RFC 5322. Pathological inputs may...

7.5 CVSS | 5.8 AI score | 0.00022 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2026/05/06 12:0 a.m. | 4 views

RHCOS 4 : OpenShift Container Platform 4.6.6 (RHSA-2020:5159)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5159 advisory. golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845). Note that Nessus has not tested...

7.5 CVSS | 5.9 AI score | 0.00147 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2026/05/06 12:0 a.m. | 5 views

RHCOS 4 : OpenShift Container Platform 4.8.15 (RHSA-2021:3820)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3820 advisory. jenkins: improper permission checks allow canceling queue items and aborting builds (CVE-2021-21670); jenkins: session fixation...

7.5 CVSS | 7.2 AI score | 0.01173 EPSS
Exploits 4 | References 16
RedHat Linux
added 2026/04/30 3:3 a.m. | 4 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5 CVSS | 7.3 AI score | 0.00019 EPSS
Exploits 2 | References 8
Redos
added 2026/04/30 12:0 a.m. | 1 views

ROS-20260430-73-0016

Vulnerability in golang related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...

8.2 CVSS | 5.3 AI score | 0.00013 EPSS
Exploits 0
RedHat Linux
added 2026/04/13 9:59 p.m. | 2 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 2 | References 8
CNNVD
added 2026/04/08 12:0 a.m. | 2 views

Google Go security vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from improper context tracking in JavaScript template literals. This can lead to content...

6.1 CVSS | 7.1 AI score | 0.00011 EPSS
Exploits 0 | References 4
Redos
added 2026/03/27 12:0 a.m. | 5 views

ROS-20260327-73-0016

Vulnerability in golang related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate his privileges...

7.5 CVSS | 5.9 AI score | 0.00044 EPSS
Exploits 0
RedHat Linux
added 2026/03/18 10:44 a.m. | 3 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5 CVSS | 6.6 AI score | 0.00019 EPSS
Exploits 2 | References 8
Tenable Nessus
added 2026/03/16 12:0 a.m. | 1 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-1606)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. (CVE-2025-58185) When Conn.Handshake fai...

7.5 CVSS | 5.9 AI score | 0.00034 EPSS
Exploits 2 | References 5
Tenable Nessus
added 2026/03/11 12:0 a.m. | 1 views

AlmaLinux 9 : osbuild-composer (ALSA-2026:3753)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3753 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729); golang: archive/zip: Excessive CPU...

10 CVSS | 7.2 AI score | 0.00045 EPSS
Exploits 4 | References 6
Tenable Nessus
added 2026/03/09 12:0 a.m. | 3 views

RHEL 10 : golang-github-openprinting-ipp-usb (RHSA-2026:3977)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3977 advisory. HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-US...

10 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits 1 | References 6
OSV
added 2026/02/04 10:42 p.m. | 4 views

GO-2026-4403 Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

3.8 CVSS | 5.4 AI score | 0.00004 EPSS
Exploits 0 | References 3
IBM Security Bulletins
added 2025/12/10 1:54 p.m. | 4 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak and may result in tags incorrectly marked as self-closing (CVE-2025-22872).

Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak and may result in tags incorrectly marked as self-closing. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the...

6.5 CVSS | 7.2 AI score | 0.00023 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/11/07 4:43 a.m. | 3 views

Security Bulletin: HTTP request smuggling vulnerability in Go net/http due to improper LF handling in chunked encoding, affects watsonx.data

Summary The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. This could affect watsonx.data...

9.1 CVSS | 7.4 AI score | 0.00294 EPSS
Exploits 0 | Affected Software 1