golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

RHEL 9 : buildah (RHSA-2025:22011)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22011 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

ALSA-2025:22011 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

Photon OS 5.0: Gdb PHSA-2025-5.0-0648

An update of the gdb package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0648. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid27671...

ALSA-2025:22012 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

delve and golang security update

An update is available for golang, delve. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Go Programming Language. Security Fixes: golang: archive/tar:...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

Moderate: Red Hat Security Advisory: delve and golang security update

An update for multiple packages is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

SUSE CVE-2025-54771

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

Moderate: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

TencentOS Server 4: binutils (TSSA-2025:0852)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0852 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: gsl (TSSA-2025:0302)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0302 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: wget (TSSA-2024:0395)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0395 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 2: emacs (TSSA-2023:0127)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0127 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

RHEL 10 : golang (RHSA-2025:21779)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21779 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse...

TencentOS Server 4: gnupg2 (TSSA-2025:0283)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0283 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Moderate: delve and golang security update

The Go Programming Language. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...