MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-7550:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7550:01 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when...

SUSE-SU-2025:20716-1 Security update for sevctl

This update for sevctl fixes the following issues: - CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 - CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode bsc1243860...

Security Bulletin: There are multiple vulnerabilities in Go related packages that are shipped with IBM CICS TX Standard.

Summary There are multiple vulnerabilities in Go related packages that are shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a...

golang: cmd/go: Protocol Fallback when fetching modules

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available...

golang: cmd/go: Protocol Fallback when fetching modules

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available...

OESA-2023-1935 golang security update

. Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...

SUSE CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

AZL-32103 CVE-2023-45285 affecting package msft-golang for versions less than 1.22.3-1.

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

AZL-79014 CVE-2023-45285 affecting package golang 1.25.7-1

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...