Fedora 42 : gum (2026-bebf3b0544)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bebf3b0544 advisory. Rebuild with latest golang to resolve CVE-2025-47906. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Important: golang

Issue Overview: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between...

Important: golang

Issue Overview: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Affected Packages: golang Issue Correction: Run dnf update golang --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1438...

Important: golang

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 cmd/go: bypass of flag sanitization ca...

Medium: golang

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Important: golang

Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...

AlmaLinux 9 : golang (ALSA-2025:10676)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:10676 advisory. net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 Tenable has extracted the preceding description block directly from the...

Oracle Linux 9 : golang (ELSA-2025-10676)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10676 advisory. - Fix for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: golang

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

Moderate: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

git-lfs security and bug fix update

2.13.3-3 - Rebuild with new Golang - Resolves: rhbz2131795...

[SECURITY] Fedora 36 Update: golang-github-path-network-mmproxy-2.1-4.fc36

go-mmproxy is a standalone application that unwraps HAProxy's PROXY protocol also adopted by other projects such as NGINX so that the network connection to the end server comes from client's - instead of proxy server's - IP address and port number...

OPENSUSE-SU-2021:2664-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2 - Upgrade to upstream version 2.27.1 jscSLE-18254 + Bugfix: SECURITY: Fix arbitrary redirects...

SUSE-SU-2020:2606-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus to version 2.18.0 fixes the following issues: - Fixed some building issues bsc1175478 - prometheus components systemd units should depend on network target bsc1143913. Update to 2.18.0 + Features Tracing: Added experimental Jaeger support 7148 +...