ALSA-2026:19139

See a problem?

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19139.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2026:19139

Related

CVE-2026-32283

Published

2026-05-19T00:00:00Z

Modified

2026-05-26T16:45:13.226316427Z

Summary

Important: go-fdo-client security update

Details

go-fdo-client is the device-side implementation of FIDO Device Onboard specification in Go. It provides an FDO client that interacts with FDO manufacturer and owner servers to perform device on-boarding.

Security Fix(es):

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:10 / go-fdo-client

Package

Name: go-fdo-client
Purl: pkg:rpm/almalinux/go-fdo-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.0-3.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19139.json"