rpm package
almalinux/osbuild-selinux
pkg:rpm/almalinux/osbuild-selinux
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-9355 | Med | 6.5 | < 141-1.el9.alma.1 | 141-1.el9.alma.1 | Oct 1, 2024 | A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when co | |
| CVE-2024-34158 | Hig | 7.5 | < 141-1.el9.alma.1 | 141-1.el9.alma.1 | Sep 6, 2024 | Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | |
| CVE-2024-1394 | Hig | 7.5 | < 141-1.el9.alma.1 | 141-1.el9.alma.1 | Mar 21, 2024 | A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and |
- affected < 141-1.el9.alma.1fixed 141-1.el9.alma.1
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when co
- affected < 141-1.el9.alma.1fixed 141-1.el9.alma.1
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
- affected < 141-1.el9.alma.1fixed 141-1.el9.alma.1
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and