RHSA-2026:19137 - Security Advisory

Issued: 2026-05-19
Updated: 2026-05-19

Synopsis

Important: go-fdo-server security update

Type/Severity

Security Advisory: Important

Topic

An update for go-fdo-server is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location.

Security Fix(es):

- github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability (CVE-2026-33816)
- crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
- Red Hat Enterprise Linux for ARM 64 10 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
- Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64

Fixes

- BZ - 2455972 - CVE-2026-33816 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability
- BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

CVEs

- CVE-2026-32283
- CVE-2026-33816

References

- https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 10
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2

SRPM
- go-fdo-server-1.0.1-1.el10_2.src.rpm

x86_64
- go-fdo-server-1.0.1-1.el10_2.x86_64.rpm
- go-fdo-server-debuginfo-1.0.1-1.el10_2.x86_64.rpm
- go-fdo-server-debugsource-1.0.1-1.el10_2.x86_64.rpm
- go-fdo-server-manufacturer-1.0.1-1.el10_2.noarch.rpm
- go-fdo-server-owner-1.0.1-1.el10_2.noarch.rpm
- go-fdo-server-rendezvous-1.0.1-1.el10_2.noarch.rpm

Red Hat Enterprise Linux for ARM 64 10
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2

SRPM
- go-fdo-server-1.0.1-1.el10_2.src.rpm

aarch64
- go-fdo-server-1.0.1-1.el10_2.aarch64.rpm
- go-fdo-server-debuginfo-1.0.1-1.el10_2.aarch64.rpm
- go-fdo-server-debugsource-1.0.1-1.el10_2.aarch64.rpm
- go-fdo-server-manufacturer-1.0.1-1.el10_2.noarch.rpm
- go-fdo-server-owner-1.0.1-1.el10_2.noarch.rpm
- go-fdo-server-rendezvous-1.0.1-1.el10_2.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More conta

This security update addresses two vulnerabilities in the go-fdo-server package for RHEL 10: a critical (CVSS 9.8) memory-safety flaw in the `pgx` PostgreSQL driver (CVE-2026-33816) and a high-severity (CVSS 7.5) denial-of-service vulnerability in Go's `crypto/tls` library triggered by multiple TLS 1.3 key update messages (CVE-2026-32283). The Go TLS flaw affects versions prior to 1.25.9 and versions 1.26.0 through 1.26.1, with fixes available in Go 1.25.9 and 1.26.2. Red Hat has rated this update as Important.