3 matches found
Unity Linux 20.1050e / 20.1070e Security Update: golang (UTSA-2026-017392)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017392 advisory. A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : Go vulnerabilities (USN-7574-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7574-1 advisory. Kyle Seely discovered that the Go net/http module did not properly handle sensitive headers during repeated redirects. An attacker...
golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this...