15 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016816)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016816 advisory. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in th...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
CLSA-2025-1765379145 golang: Fix of CVE-2025-47906
CVE-2025-47906: fix issue where certain strings could cause executables in PATH variable to be returned by LookPath function...
os/exec: Unexpected paths returned from LookPath in os/exec
A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2025:22668)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22668 advisory. os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906); golang: archive/tar: Unbounded allocation when parsing GNU sparse map...
go-toolset:rhel8 security update
An update is available for module.delve, module.golang, delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming...
RockyLinux 9 : go-rpm-macros (RLSA-2025:22005)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:22005 advisory. os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906). Tenable has extracted the preceding description block directly from the RockyLinux...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906); golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183). For more detail...
ALSA-2025:22668 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906); golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183). For more detail...
RLSA-2025:22005 Moderate: go-rpm-macros security update
This package provides build-stage rpm automation to simplify the creation of Go language (golang) packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only. Security Fixes: os/exec: Unexpected paths returned from LookPath in os/exec...
ALSA-2025:22005 Moderate: go-rpm-macros security update
This package provides build-stage rpm automation to simplify the creation of Go language (golang) packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only. Security Fixes: os/exec: Unexpected paths returned from LookPath in os/exec...
TencentOS Server 4: grafana (TSSA-2025:0834)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0834 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
GO-2025-3956 Unexpected paths returned from LookPath in os/exec
If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...
Updated golang packages fix vulnerabilities
LookPath may return unexpected paths (CVE-2025-47906). Incorrect results returned from Rows.Scan (CVE-2025-47907). These packages fix the issues for the compiler only; applications using the functions still need to be rebuilt...