RLSA-2026:22141
- Source
- https://errata.rockylinux.org/RLSA-2026:22141
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2026:22141.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/RLSA-2026:22141
- Upstream
- Published
- 2026-06-05T12:04:50.053452Z
- Modified
- 2026-06-05T12:30:04.449881395Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Moderate: go-fdo-client and go-fdo-server security update
- Details
-
This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location.
Security Fix(es):
crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:10 / go-fdo-server
Package
- Name
- go-fdo-server
- Purl
- pkg:rpm/rocky-linux/go-fdo-server?distro=rocky-linux-10&epoch=0
Rocky Linux:10 / go-fdo-client
Package
- Name
- go-fdo-client
- Purl
- pkg:rpm/rocky-linux/go-fdo-client?distro=rocky-linux-10&epoch=0