RLSA-2026:19352 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of...

RockyLinux 9 : git-lfs (RLSA-2026:19350)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19350 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

RockyLinux 9 : grafana (RLSA-2026:19352)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19352 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Important: golang-github-burntsushi-toml

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out...

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Alibaba Cloud Linux 3 : 0134: git-lfs (ALINUX3-SA-2026:0134)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0134 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25679: url.Parse insufficiently...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1645)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1645 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

RHEL 10 : osbuild-composer (RHSA-2026:19750)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19750 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1671)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1671 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 Arithmetic over induction variables in loops...