16282 matches found
RLSA-2025:23087 Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS score,...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : GNU binutils vulnerabilities (USN-7919-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7919-1 advisory. It was discovered that GNU binutils' dump_dwarf_section function could be...
RockyLinux 9 : grafana (RLSA-2025:23087)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23087 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...
ALSA-2025:23087 Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS score,...
RHEL 9 : grafana (RHSA-2025:23087)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23087 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: archive/tar:...
ALSA-2025:23088 Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS score,...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2025-2494)
The remote host is missing an update for the Huawei EulerOS...
USN-7919-1: GNU binutils vulnerabilities
It was discovered that GNU binutils' dump_dwarf_section function could be manipulated to perform an out-of-bounds read. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11081 It was...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
CLSA-2025-1765293700 buildah: Fix of CVE-2025-58183
CVE-2025-58183: fix cap GNU tar pax 1.0 sparse region size to prevent unbounded memory allocation...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
USN-7412-3 gnupg2 vulnerability
USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were trick...
Unity Linux 20.1070e Security Update: gnupg2 (UTSA-2025-991107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991107 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gnupg2 (UTSA-2025-991068)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991068 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the...
Amazon Linux 2023 : ecs-init (ALAS2023-2025-1295)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1295 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1287)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1287 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
RHEL 9 : golang (RHSA-2025:22899)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22899 advisory. The golang packages provide the Go programming language compiler. Security Fixes: os/exec: Unexpected paths returned from LookPath in os/ex...
Amazon Linux 2023 : binutils, binutils-devel, binutils-gprofng (ALAS2023-2025-1301)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1301 advisory. A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Loc...