15 matches found
Moderate: Red Hat Security Advisory: golang security, bug fix, and enhancement update
An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
SUSE SLED15 / SLES15 Security Update : go1.26 (SUSE-SU-2026:1861-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1861-1 advisory. This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the processing of HTTP/2 :path pseudo-headers in handleStream. An attacker can gain unauthorized access to restricted resources by sending requests with malformed :path headers that omit the leading slash. Thi...
SUSE SLES16 Security Update : go1.25-openssl (SUSE-SU-2026:20623-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20623-1 advisory. - Update to version 1.25.7 jscSLE-18320 - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect...
CLSA-2026-1772455449 buildah: Fix of 3 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24 (SUSE-SU-2026:0426-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0426-1 advisory. Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between ...
CLSA-2025-1765985189 delve: Fix of CVE-2025-58183
rebuild with newer golang to fix CVE-2025-58183 fix unbounded memory consumption when reading GNU pax 1.0 sparse files...
delve and golang security update
delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 - Resolves: RHEL-111801 golang 1.25.3-1 - Update to Go 1.25.3 - Resolves: RHEL-121220 1.25.1-1 - Update to Go 1.25.1 - Resolves: RHEL-116850 1.25.0-2 - Revert DWARF5 defaults - Add elf...
Reachable Assertion
Overview Affected versions of this package are vulnerable to Reachable Assertion in the handshake phase. An attacker can cause the client to crash by sending a premature HANDSHAKE_DONE frame. Remediation Upgrade github.com/quic-go/quic-go to version 0.49.1, 0.54.1 or higher. References - GitHub PR...
Linux Distros Unpatched Vulnerability : CVE-2025-47909
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the...
Security update for v2ray-core (important)
openSUSE Security Update: Security update for v2ray-core Announcement ID: openSUSE-SU-2025:0322-1 Rating: important References: 1222488 1235164 1243946 Cross-References: CVE-2024-22189 CVE-2025-297850 CVSS scores: CVE-2024-22189 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected...
SUSE-SU-2025:02769-1 Security update for amber-cli
This update for amber-cli fixes the following issues: - Update to version 1.13.1+git20250329.c2e3bb8: CVE-2025-30204: Fixed jwt-go excessive memory allocation during header parsing bsc1240511 jwt version upgrade 174 Update policy size limit to 20k 173 Update tenant user model with latest changes...
PT-2022-20221 · Go +9
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12 Go versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in Glob in path/filepath, which allows an attacker to cause a panic due to stack exhaustion via a path containing a large...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the rest.AnonymousClientConfig method that does not effectively clear service account credentials loaded using rest.InClusterConfig. An attacker can gain...
Uncontrolled Recursion
Overview std/encoding/pem is a Go standard library package std/encoding/pem Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Stack overflow via a large amount of PEM data via the Decode function. An attacker can cause a stack overflow and...