20 matches found
openSUSE 15 Security Update : vexctl (SUSE-SU-2026:0592-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0592-1 advisory. - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 -...
EUVD-2025-6690
Malicious code in bioql PyPI...
Security update for ignition
This update for ignition fixes the following issues: CVE-2025-22870: golang.org/x/net/http/httpproxy: proxy bypass using IPv6 zone IDs bsc1238681. CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 bsc1239192. Patch Instructions: To...
Security update for go1.23-openssl
This update for go1.23-openssl fixes the following issues: Update to version 1.23.9 bsc1229122: Security fixes: CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints...
ALSA-2025:7466 Moderate: delve and golang security update
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...
ALSA-2025:3772 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive headers incorrectly sent after...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : skopeo (SUSE-SU-2025:1055-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1055-1 advisory. - CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs bsc1238685. Tenable has extracted the preceding...
SUSE-SU-2025:1055-1 Security update for skopeo
This update for skopeo fixes the following issues: - CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs bsc1238685...
SUSE-SU-2025:1007-1 Security update for helm
This update for helm fixes the following issues: - CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs bsc1238688. Other fixes: - Updated to version 3.17.2 - Updated to 0.37.0 for x/net...
Improper Hostname Validation
golang.org/x/net is vulnerable to improper hostname validation. The vulnerability is due to improper handling of IPv6 zone IDs in host matching against proxy patterns, allowing an attacker to bypass proxy restrictions and potentially send traffic through unintended network paths...
AZL-58422 CVE-2025-22870 affecting package prometheus-node-exporter for versions less than 1.7.0-3
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...
CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...
openSUSE Security Advisory (SUSE-SU-2025:0802-1)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24 (SUSE-SU-2025:0802-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0802-1 advisory. - CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6...
Security update for go1.24
This update for go1.24 fixes the following issues: CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs bsc1238572 Other fixes: Updated go version to go1.24.1 bsc1236217: go71986 go71984 bsc1238572 security: fix CVE-2025-22870 net/http,...
CVE-2024-45341 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs...
GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs...
MGASA-2025-0021 Updated golang packages fix security vulnerabilities
net/http: sensitive headers incorrectly sent after cross-domain redirect, CVE-2024-45336. crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, CVE-2024-45341...
FreeBSD : go -- multiple vulnerabilities (704aa72a-d840-11ef-a205-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 704aa72a-d840-11ef-a205-901b0e9408dc advisory. The Go project reports: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints A...