59 matches found
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: golang1.25: golang1.25-1.25.11-2.hum1 aarch64, x86_64 golang1.25-bin-1.25.11-2.hum1 aarch64, x86_64 golang1.25-docs-1.25.11-2.hum1 noarch golang1.25-misc-1.25.11-2.hum1 noarch...
Astra Linux - vulnerability in golang-1.19
Using Parse with a build tag line like "// +build" and deeply nested expressions can lead to a panic due to stack exhaustion...
Astra Linux - vulnerability in golang-1.19
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
Astra Linux - vulnerability in golang-1.19, golang-1.23
The matching of hosts against proxy patterns may improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to “.example.com”, a request to “::1%25.example.com:80” will be incorrectly matched and not be proxied...
Golang 1.25.x < 1.25.10 / 1.26.x < 1.26.3 Multiple Vulnerabilities
The version of Golang running on the remote host is 1.25.x prior to 1.25.10, or 1.26.x prior to 1.26.3. It is, therefore, affected by multiple vulnerabilities, including: - The net package's LookupCNAME function could trigger a double-free crash when using the cgo DNS resolver with very long CNAM...
CLSA-2026-1772575666 containernetworking-plugins: Fix of 3 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory...
Astra Linux – Vulnerability in Golang-1.19
The go command may generate unexpected code during build time when using cgo. This can lead to unexpected behavior when running a Go program that uses cgo. This issue may occur when running a trusted module that contains directories with newline characters in their names. Modules retrieved using...
Astra Linux – Vulnerability in Golang-1.19
On Unix platforms, the Go runtime behaves differently when a binary is run with the setuid/setgid bits enabled. This can be dangerous in certain situations, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standa...
Astra Linux – Vulnerability in Golang-1.19
Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/TLS clients, as well as servers that have Config.ClientAuth set to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default...
Astra Linux – Vulnerability in Golang 1.19, Golang 1.23
Due to the use of a variable time instruction in the assembly implementation of an internal function, a small number of bits from secret scalars are leaked on the ppc64le architecture. Given the way this function is used, we believe that this leakage is not sufficient to allow recovery of the...
Amazon Linux 2 : golang, --advisory ALAS2-2026-3203 (ALAS-2026-3203)
The version of golang installed on the remote host is prior to 1.25.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3203 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix...
CLSA-2026-1773309522 osbuild-composer: Fix of 4 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs - CVE-2025-61728: reduce CPU usage in index construction - CVE-2025-61726: limit...
AZL-79628 CVE-2026-27137 affecting package golang 1.26.0-1
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...
ROOT-OS-DEBIAN-13-CVE-2025-58189 CVE-2025-58189 in rootio-golang-1.24 - Patched by Root
Root has patched CVE-2025-58189 in the rootio-golang-1.24 package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-61732 CVE-2025-61732 in rootio-golang-1.24 - Patched by Root
Root has patched CVE-2025-61732 in the rootio-golang-1.24 package for Root:Debian:13. Multiple fixed versions available...
runc security update
4:1.4.0-2 - Rebuild for new golang to address CVE-2025-68121 - Resolves: RHEL-149630...
Amazon Linux 2 : golang, --advisory ALAS2-2026-3172 (ALAS-2026-3172)
The version of golang installed on the remote host is prior to 1.24.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3172 advisory. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-617...
Amazon Linux 2 : golang, --advisory ALAS2-2026-3136 (ALAS-2026-3136)
The version of golang installed on the remote host is prior to 1.24.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3136 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...
CVE-2025-61726 affecting package golang for versions less than 1.25.6-1
CVE-2025-61726 affecting package golang for versions less than 1.25.6-1. A patched version of the package is available...
AZL-75707 CVE-2025-61728 affecting package golang for versions less than 1.24.12-1
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...