RockyLinux 9 : grafana (RLSA-2026:19185)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19185 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

ALSA-2026:13671 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including the impact, a CVSS score,...

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

JLSEC-2026-268 Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of...

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/url:...

RHEL 8 : go-toolset:rhel8 (RHSA-2026:6949)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6949 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...

AlmaLinux 9 : golang (ALSA-2026:5942)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:5942 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...

ALSA-2026:5942 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...