CLSA-2026-1773314910 git-lfs: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys...

CLSA-2026-1772624338 grafana-pcp: Fix of CVE-2025-68121

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE's - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry...

USN-6038-1 golang-1.18 vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-1705 It was discovered that Go did not properly manage memory under certain...

UBUNTU-CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

ALPINE-CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...