VYPR

rpm package

almalinux/yggdrasil-devel

pkg:rpm/almalinux/yggdrasil-devel

Vulnerabilities (7)

  • CVE-2026-32283 | Hig | Apr 8, 2026
    affected < 0.4.8-5.el10_1 | fixed 0.4.8-5.el10_1

    If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

  • CVE-2026-32282 | Med | Apr 8, 2026
    affected < 0.4.8-5.el10_1 | fixed 0.4.8-5.el10_1

    On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which R

  • CVE-2026-25679 | Hig | Mar 6, 2026
    affected < 0.4.8-4.el10_1 | fixed 0.4.8-4.el10_1

    url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

  • CVE-2025-68121 | Cri | Feb 5, 2026
    affected < 0.4.8-3.el10_1 | fixed 0.4.8-3.el10_1

    During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and

  • CVE-2025-61726 | Jan 28, 2026
    affected < 0.4.8-3.el10_1 | fixed 0.4.8-3.el10_1

    The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la

  • CVE-2025-61729 | Dec 2, 2025
    affected < 0.4.8-3.el10_1 | fixed 0.4.8-3.el10_1

    Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a

  • CVE-2025-3931 | Hig | May 14, 2025
    affected < 0.4.5-3.el10_0 | fixed 0.4.5-3.el10_0

    A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorizat