9 matches found
CLSA-2026-1779182426 buildah: Fix of CVE-2026-32283
rebuild on tuxcare9.6esu with newer golang version 1.25.7-1.el96.tuxcare.els4 - CVE-2026-32283: fix TLS 1.3 deadlock in crypto/tls handleKeyUpdate...
CLSA-2026-1776968105 skopeo: Fix of CVE-2026-25679
rebuild with newer golang version 1.25.7-1.el96.tuxcare.els2 to fix the following CVE - CVE-2026-25679: fix insufficient validation of host/authority in net/url.Parse by rejecting invalid URLs with IPv6 literals not at the start of the host...
CLSA-2026-1776966842 go-rpm-macros: Fix of CVE-2026-25679
CVE-2026-25679: rebuild against golang-1.25.7-1.tuxcare.els2 which contains the net/url IPv6 host-literal parsing fix...
AZL-79610 CVE-2026-27138 affecting package golang 1.25.7-1
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
AZL-79613 CVE-2026-27137 affecting package golang 1.25.7-1
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...
AZL-78929 CVE-2025-61728 affecting package golang 1.25.7-1
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
AZL-78907 CVE-2025-58183 affecting package golang 1.25.7-1
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
AZL-78986 CVE-2025-22874 affecting package golang 1.25.7-1
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...
AZL-78966 CVE-2019-9634 affecting package golang 1.25.7-1
Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection...