[Apollo] Advisories Statistics light light Login

RLSA-2026:22141

Security Mirrored from RHSA-2026:22141
Issued at: 2026-06-05
Updated at: 2026-06-05

Synopsis

Moderate: go-fdo-client and go-fdo-server security update



Description

This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location.

Security Fix(es):

* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)

* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)

* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 riscv64 Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2456336 2456339 2437111 2456333

CVEs

CVE-2025-68121 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282

Affected packages

Rocky Linux 10 aarch64 - AppStream

go-fdo-client-0:1.0.0-4.el10_2.aarch64.rpm go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch.rpm go-fdo-server-0:1.0.1-2.el10_2.src.rpm go-fdo-server-0:1.0.1-2.el10_2.aarch64.rpm go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64.rpm go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64.rpm go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64.rpm go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch.rpm go-fdo-client-0:1.0.0-4.el10_2.src.rpm go-fdo-server-owner-0:1.0.1-2.el10_2.noarch.rpm go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64.rpm

Rocky Linux 10 x86_64 - AppStream

go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64.rpm go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64.rpm go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch.rpm go-fdo-server-0:1.0.1-2.el10_2.src.rpm go-fdo-client-0:1.0.0-4.el10_2.x86_64.rpm go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch.rpm go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64.rpm go-fdo-client-0:1.0.0-4.el10_2.src.rpm go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64.rpm go-fdo-server-owner-0:1.0.1-2.el10_2.noarch.rpm go-fdo-server-0:1.0.1-2.el10_2.x86_64.rpm

Rocky Linux 10 ppc64le - AppStream

go-fdo-server-0:1.0.1-2.el10_2.src.rpm go-fdo-client-0:1.0.0-4.el10_2.src.rpm

Rocky Linux 10 riscv64 - AppStream

go-fdo-server-0:1.0.1-2.el10_2.src.rpm go-fdo-client-0:1.0.0-4.el10_2.src.rpm

Rocky Linux 10 s390x - AppStream

go-fdo-server-0:1.0.1-2.el10_2.src.rpm go-fdo-client-0:1.0.0-4.el10_2.src.rpm