The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Уязвимость пакета crypto/tls языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

Security update for go1.15

Security update for go1.16

Security update for go1.15

Security update for go1.15

Security update for go1.16

Moderate: grafana security, bug fix, and enhancement update

ELSA-2021-4226: grafana security, bug fix, and enhancement update (MODERATE)

ELSA-2022-7954: podman security and bug fix update (MODERATE)

Moderate: container-tools:rhel8 security update

ELSA-2024-2988: container-tools:ol8 security update (MODERATE)