RLSA-2026:19137

Опубликовано: 29 мая 2026

Источник: rocky

Оценка: Important

Описание

Important: go-fdo-server security update

This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location.

Security Fix(es):

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability (CVE-2026-33816)
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 10

Наименование	Архитектура	Релиз	RPM
go-fdo-server-rendezvous	noarch	1.el10_2	go-fdo-server-rendezvous-1.0.1-1.el10_2.noarch.rpm
go-fdo-server	x86_64	1.el10_2	go-fdo-server-1.0.1-1.el10_2.x86_64.rpm
go-fdo-server-owner	noarch	1.el10_2	go-fdo-server-owner-1.0.1-1.el10_2.noarch.rpm
go-fdo-server-manufacturer	noarch	1.el10_2	go-fdo-server-manufacturer-1.0.1-1.el10_2.noarch.rpm