74 matches found
ALSA-2026:3669 Important: go-rpm-macros security update
This package provides build-stage rpm automation to simplify the creation of Go language (golang) packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing i...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-195:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-195:01 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728); golang: net/url: Memory exhaustion in query...
CVE-2025-47912
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...
RLSA-2025:13941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...
Oracle Linux 10 : golang (ELSA-2025-10677)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10677 advisory. 1.24.4-1 - Update to Go 1.24.4 fips-1; 1.24.3-3 - Update to Go 1.24.3 fips-3; 1.24.3-2 - Update to Go 1.24.3 fips-2; 1.24.3-1 - Update to Go 1.24.3. Tenable has...
MAL-2025-2544 Malicious code in github.com/belatedplanet/hypert (Go)
Source: google-open-source-security (ae6bd303b29130f3970f2f526b9c704e4fa0905fa4b3e015542213f4aaf5f701). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
MAL-2025-2546 Malicious code in github.com/ornatedoctrin/layout (Go)
Source: google-open-source-security (9edf608032bbc84563da5c04376d6add49123c8fdba94883c239857eb45afc40). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
MAL-2025-2547 Malicious code in github.com/shadowybulk/hypert (Go)
Source: google-open-source-security (80a941bac0303482eb50ebe17fbfa05f22640a3932940be16100c6a1c0357a04). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
MAL-2025-2548 Malicious code in github.com/shallowmulti/hypert (Go)
Source: google-open-source-security (25d0e55a48f82ab8ddd5e90d258c133505fa7fea03b775c1987e0dd7f9453f08). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
MAL-2025-2549 Malicious code in github.com/thankfulmai/hypert (Go)
Source: google-open-source-security (3fb8eb4f90f5b6657c77cd4876445c068cc53ec74237d2ec559dd21c3c876fc4). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
MAL-2025-2550 Malicious code in github.com/utilizedsun/layout (Go)
Source: google-open-source-security (c1511f2ec5bec408a1a2febf7d6a7bc0db05b5af4870679ef43223ecff5f000d). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
MAL-2025-2551 Malicious code in github.com/vainreboot/layout (Go)
Source: google-open-source-security (cd535431a1bde903495e71799081c385016d84659ac004c1c57c0d81e311ee59). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
Linux Distros Unpatched Vulnerability : CVE-2021-3115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the go get command to fetch module...
Linux Distros Unpatched Vulnerability : CVE-2019-14809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is relat...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22-openssl (SUSE-SU-2024:3938-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3938-1 advisory. This update ships go1.22-openssl 1.22.7.1 (jsc#SLE-18320) - Update to version 1.22.7.1 cut from the...
Important Photon OS Security Update - PHSA-2024-3.0-0799
Updates of 'go' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2024-3.0-0783
Updates of 'go' packages of Photon OS have been released...
Security Bulletin: Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Standard.
Summary: Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the issues. Vulnerability Details: CVEID: CVE-2024-24786 DESCRIPTION: Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop...
Security Bulletin: Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Advanced.
Summary: Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issues. Vulnerability Details: CVEID: CVE-2023-45288 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a memory exhaustion flaw due to floo...
AlmaLinux 8 : container-tools:4.0 (ALSA-2024:0121)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0121 advisory. golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputil: ReverseProxy should not forward unparseabl...