CVE-2025-47906
published 2025-09-18CVE-2025-47906: If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and "..")…
PriorityP433medium6.5CVSS 3.1
AVNACLPRNUINSUCLINAL
EPSS
0.49%
38.5th percentile
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.24 1.24.7-1 (forky) | golang-1.24 1.24.7-1 (forky) |
| debian | golang-1.19 | < golang-1.24 1.24.7-1 (forky) | golang-1.24 1.24.7-1 (forky) |
| debian | golang-1.24 | < golang-1.24 1.24.7-1 (forky) | golang-1.24 1.24.7-1 (forky) |
| go_standard_library | os_exec | < 1.23.12 | 1.23.12 |
| go_standard_library | os_exec | >= 1.24.0 < 1.24.6 | 1.24.6 |
| golang | go | < 1.23.12 | 1.23.12 |
| golang | go | >= 1.24.0 < 1.24.6 | 1.24.6 |
| msrc | azl3_golang_1.24.5-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_golang_1.18.8-9_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.22.7-4_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.22.7-5_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
osv6.5MEDIUM
vendor_msrc8.8HIGH
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Unexpected paths returned from LookPath in os/exec
osv·2025-09-18
CVE-2025-47906 Unexpected paths returned from LookPath in os/exec
Unexpected paths returned from LookPath in os/exec
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
OSV
CVE-2025-47906: If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", "
osv·2025-09-18·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906: If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", "
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
GHSA
GHSA-gwrf-jf3h-w649: If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", "
ghsa_unreviewed·2025-09-18
CVE-2025-47906 [MEDIUM] GHSA-gwrf-jf3h-w649: If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", "
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Red Hat
os/exec: Unexpected paths returned from LookPath in os/exec
vendor_redhat·2025-09-18·CVSS 6.5
CVE-2025-47906 [MEDIUM] CWE-440 os/exec: Unexpected paths returned from LookPath in os/exec
os/exec: Unexpected paths returned from LookPath in os/exec
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability t
Microsoft
Unexpected paths returned from LookPath in os/exec
vendor_msrc·2025-09-09·CVSS 8.8
CVE-2025-47906 [MEDIUM] Unexpected paths returned from LookPath in os/exec
Unexpected paths returned from LookPath in os/exec
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.
Debian
CVE-2025-47906: golang-1.15 - If the PATH environment variable contains paths which are executables (rather th...
vendor_debian·2025·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906: golang-1.15 - If the PATH environment variable contains paths which are executables (rather th...
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-47906 golang-entgo-ent: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-entgo-ent: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-entgo-ent: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47906 golang-mongodb-mongo-driver: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-mongodb-mongo-driver: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-mongodb-mongo-driver: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 golang-github-mailru-easyjson: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-mailru-easyjson: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-mailru-easyjson: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 git-credential-oauth: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 git-credential-oauth: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 git-credential-oauth: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-47906 golang-github-schollz-cli-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-schollz-cli-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-schollz-cli-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 netdata: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 netdata: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 netdata: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-47906 golang-github-gdamore-tcell: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-gdamore-tcell: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-gdamore-tcell: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 gops: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gops: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 gops: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47906 deepin-api: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 deepin-api: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 deepin-api: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47906 golang-github-posener-complete: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-posener-complete: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-posener-complete: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-47906 dnscrypt-proxy: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 dnscrypt-proxy: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 dnscrypt-proxy: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47906 golang-github-moby-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-moby-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-moby-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 golang-github-apache-beam-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-apache-beam-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-apache-beam-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 xe-guest-utilities-latest: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 xe-guest-utilities-latest: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 xe-guest-utilities-latest: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 golang-k8s-sample-controller: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-k8s-sample-controller: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-k8s-sample-controller: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47906 golang-google-appengine: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-google-appengine: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-google-appengine: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47906 golang-github-atotto-clipboard: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-atotto-clipboard: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-atotto-clipboard: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-47906 golang-github-joho-godotenv: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-joho-godotenv: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-joho-godotenv: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 git-credential-azure: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 git-credential-azure: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 git-credential-azure: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-47906 cri-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 exercism: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 exercism: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 exercism: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 browserpass: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 browserpass: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 browserpass: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-47906 golang-k8s-kube-openapi: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-k8s-kube-openapi: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-k8s-kube-openapi: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47906 golang-x-vuln: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-vuln: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-x-vuln: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 aerc: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 aerc: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 aerc: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47906 golang-github-containerd-fuse-overlayfs-snapshotter: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-containerd-fuse-overlayfs-snapshotter: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-containerd-fuse-overlayfs-snapshotter: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-47906 vhs: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 vhs: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 vhs: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
https://pkg.go.dev/vuln/GO-2025-3956
This CVE affects golang apps built with golang "before go1.23.12, from go1.24.0 before go1.24.6". Here is the status across all current Fedora versions.
* vhs-0.11.0
Bugzilla
CVE-2025-47906 clash-meta: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 clash-meta: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 clash-meta: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47906 yggdrasil-worker-package-manager: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 yggdrasil-worker-package-manager: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 yggdrasil-worker-package-manager: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 golang-github-cucumber-godog: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-cucumber-godog: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-cucumber-godog: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47906 snapd: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 snapd: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 snapd: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47906 kappanhang: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 kappanhang: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 kappanhang: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47906 golang-github-bobesa-domain-util: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-bobesa-domain-util: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-bobesa-domain-util: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 cri-tools1.31: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-tools1.31: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-tools1.31: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 opentofu: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 opentofu: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 opentofu: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 cri-tools1.34: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-tools1.34: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-tools1.34: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 powerline-go: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 powerline-go: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 powerline-go: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 nwg-drawer: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 nwg-drawer: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 nwg-drawer: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 golang-github-gogo-protobuf: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-gogo-protobuf: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-gogo-protobuf: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 golang-github-rogpeppe-internal: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-rogpeppe-internal: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-rogpeppe-internal: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-47906 golang-github-leonelquinteros-gotext: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-leonelquinteros-gotext: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-leonelquinteros-gotext: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-47906 chisel: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 chisel: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 chisel: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 golang-uber-mock: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-uber-mock: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-uber-mock: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47906 suseconnect-ng: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 suseconnect-ng: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 suseconnect-ng: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47906 ollama: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 ollama: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 ollama: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 golang-k8s-sample-apiserver: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-k8s-sample-apiserver: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-k8s-sample-apiserver: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 golang-github-hashicorp-hc-install: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-hashicorp-hc-install: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-hashicorp-hc-install: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-47906 golang-github-d5-tengo-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-d5-tengo-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-d5-tengo-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47906 golang-github-katalix-l2tp: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-katalix-l2tp: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-katalix-l2tp: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
It's not clear to me whether this CVE is due to golang-github-katalix-l2tp's use of an older Go which is subject to the upstream Golang vulnerability? In that case would updating th
Bugzilla
CVE-2025-47906 apache-cloudstack-cloudmonkey: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 apache-cloudstack-cloudmonkey: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 apache-cloudstack-cloudmonkey: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 golang-github-google-pprof: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-google-pprof: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-google-pprof: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 golang-github-opencontainers-runtime-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-opencontainers-runtime-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-opencontainers-runtime-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-47906 godotenv: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 godotenv: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 godotenv: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 yq: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 yq: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 yq: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug report
Bugzilla
CVE-2025-47906 golang-github-uber-athenadriver: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-uber-athenadriver: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-uber-athenadriver: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-9d0e7df23a (glow-2.1.2-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-9d0e7df23a
Bugzilla
CVE-2025-47906 golang-github-task: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-task: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-task: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47906 gitjacker: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gitjacker: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 gitjacker: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 kubernetes1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 kubernetes1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 kubernetes1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47906 golang-github-deepmap-oapi-codegen: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-deepmap-oapi-codegen: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-deepmap-oapi-codegen: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-47906 golang-github-pgaskin-koboutils: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-pgaskin-koboutils: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-pgaskin-koboutils: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-47906 golang-github-gobuffalo-here: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-gobuffalo-here: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-gobuffalo-here: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 golang-github-hashicorp-serf: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-hashicorp-serf: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-hashicorp-serf: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47906 golang-github-cilium-ebpf: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-cilium-ebpf: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-cilium-ebpf: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 gvisor-tap-vsock: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gvisor-tap-vsock: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 gvisor-tap-vsock: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
https://groups.google.com/g/golang-announce/c/x5MKroML2yM
This is fixed in go 1.24.6 and 1.23.12 (and I assume 1.25.0?)
Should be enough to rebuild the gvisor-tap-vsock package if the fixed v
Bugzilla
CVE-2025-47906 asnmap: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 asnmap: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 asnmap: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 cri-tools1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-tools1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-tools1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 reposurgeon: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 reposurgeon: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 reposurgeon: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-47906 golang-github-haproxytech-client-native: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-haproxytech-client-native: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-haproxytech-client-native: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-47906 nats-server: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 nats-server: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 nats-server: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-47906 gocryptfs: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gocryptfs: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 gocryptfs: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 dnsx: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 dnsx: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 dnsx: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47906 golang-x-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-x-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47906 golang-ariga-atlas: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-ariga-atlas: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-ariga-atlas: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47906 cri-o: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-o: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-o: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47906 golang-github-containerd-continuity: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-containerd-continuity: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-containerd-continuity: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-47906 host-spawn: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 host-spawn: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 host-spawn: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47906 golang-github-awslabs-aws-multi-module-repository-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-awslabs-aws-multi-module-repository-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-awslabs-aws-multi-module-repository-tools: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-47906 cri-o1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-o1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-o1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 forgejo: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 forgejo: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 forgejo: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-47906 docker-compose-switch: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 docker-compose-switch: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 docker-compose-switch: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-47906 golang-x-lint: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-lint: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-x-lint: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 golang-github-yuin-gopher-lua: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-yuin-gopher-lua: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-yuin-gopher-lua: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 golang-github-tdewolff-minify: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-tdewolff-minify: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-tdewolff-minify: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 golang-github-ulikunitz-xz: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-ulikunitz-xz: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-ulikunitz-xz: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 golang-oras: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-oras: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-oras: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-47906 grafana: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 grafana: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 grafana: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-47906 clipman: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 clipman: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 clipman: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-47906 shellz: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 shellz: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 shellz: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 helm: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 helm: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 helm: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47906 qpid-proton: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 qpid-proton: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 qpid-proton: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-47906 golang-github-acme-lego: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-acme-lego: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-acme-lego: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47906 golang-github-rootless-containers-rootlesskit: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-rootless-containers-rootlesskit: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-rootless-containers-rootlesskit: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-47906 golang-x-exp: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-exp: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-x-exp: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 golang-sr-nelsam-hel: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-sr-nelsam-hel: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-sr-nelsam-hel: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-47906 stargz-snapshotter: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 stargz-snapshotter: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 stargz-snapshotter: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47906 golang-github-geertjohan-rice: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-geertjohan-rice: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-geertjohan-rice: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 OliveTin: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 OliveTin: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 OliveTin: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 gopls: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gopls: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 gopls: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47906 golang-github-facebookincubator-go2chef: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-facebookincubator-go2chef: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-facebookincubator-go2chef: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-47906 grafana-pcp: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 grafana-pcp: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 grafana-pcp: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-47906 golang-github-git-5: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-git-5: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-git-5: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47906 golang-github-tenox7-wrp: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-tenox7-wrp: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-tenox7-wrp: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47906 vultr: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 vultr: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 vultr: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47906 golang-github-redteampentesting-monsoon: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-redteampentesting-monsoon: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-redteampentesting-monsoon: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-47906 golang-x-text: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-text: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-x-text: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 etcd: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 etcd: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 etcd: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47906 cri-tools1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-tools1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-tools1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 golang-github-containerd-cgroups-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-containerd-cgroups-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-containerd-cgroups-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-47906 golang-github-cloudflare-redoctober: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-cloudflare-redoctober: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-cloudflare-redoctober: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-47906 golang-google-protobuf: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-google-protobuf: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-google-protobuf: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47906 yubihsm-connector: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 yubihsm-connector: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 yubihsm-connector: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47906 golang-github-hexdigest-gowrap: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-hexdigest-gowrap: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-hexdigest-gowrap: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-47906 golang-github-nilslice-protolock: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-nilslice-protolock: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-nilslice-protolock: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 golang-github-distribution-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-distribution-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-distribution-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47906 golang-github-mock: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-mock: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-mock: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47906 golang-github-chai2010-gettext: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-chai2010-gettext: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-chai2010-gettext: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-47906 et: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 et: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 et: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug report
Bugzilla
CVE-2025-47906 golang-github-nats-io-streaming-server: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-nats-io-streaming-server: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-nats-io-streaming-server: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-47906 miller: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 miller: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 miller: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 tinygo: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 tinygo: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 tinygo: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 golang-github-nvidia-container-toolkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-nvidia-container-toolkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-nvidia-container-toolkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-47906 golang-k8s-kube-aggregator: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-k8s-kube-aggregator: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-k8s-kube-aggregator: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 golang-github-theoapp-theo-agent: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-theoapp-theo-agent: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-theoapp-theo-agent: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 golang-x-mobile: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-mobile: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-x-mobile: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close a
Bugzilla
CVE-2025-47906 golang-github-moby-swarmkit-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-moby-swarmkit-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-moby-swarmkit-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 startdde: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 startdde: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 startdde: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 golang-x-perf: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-perf: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-x-perf: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 direnv: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 direnv: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 direnv: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 golang-mvdan-gofumpt: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-mvdan-gofumpt: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-mvdan-gofumpt: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-47906 golang-github-projectdiscovery-chaos-client: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-projectdiscovery-chaos-client: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-projectdiscovery-chaos-client: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-47906 golang-github-tinylib-msgp: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-tinylib-msgp: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-tinylib-msgp: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 ignition: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 ignition: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 ignition: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 golang-x-mod: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-mod: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-x-mod: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 nwg-dock-hyprland: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 nwg-dock-hyprland: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 nwg-dock-hyprland: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47906 golang-github-chromedp: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-chromedp: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-chromedp: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47906 osbuild-composer: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 osbuild-composer: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 osbuild-composer: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47906 golang-github-valyala-fasthttp: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-valyala-fasthttp: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-valyala-fasthttp: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-47906 cadvisor: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cadvisor: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cadvisor: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-bebf3b0544 (gum-0.16.1-2.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-bebf3b0544
Bugzilla
CVE-2025-47906 golang-github-aliyun-cli: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-aliyun-cli: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-aliyun-cli: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47906 golang-github-gogo-googleapis: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-gogo-googleapis: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-gogo-googleapis: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 golang-github-jsonnet-bundler: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-jsonnet-bundler: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-jsonnet-bundler: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 golang-github-gojuno-minimock: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-gojuno-minimock: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-gojuno-minimock: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 anubis: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 anubis: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 anubis: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 golang-mvdan-sh-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-mvdan-sh-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-mvdan-sh-3: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47906 golang-github-pact-foundation: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-pact-foundation: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-pact-foundation: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 deepin-daemon: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 deepin-daemon: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 deepin-daemon: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 golang-github-cockroachdb-pebble: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-cockroachdb-pebble: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-cockroachdb-pebble: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 gmailctl: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gmailctl: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 gmailctl: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 golang-github-schollz-croc: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-schollz-croc: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-schollz-croc: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 hut: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 hut: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 hut: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47906 golang-k8s-apiextensions-apiserver: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-k8s-apiextensions-apiserver: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-k8s-apiextensions-apiserver: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-47906 golang-github-vmware-govmomi: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-vmware-govmomi: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-vmware-govmomi: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47906 manifest-tool: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 manifest-tool: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 manifest-tool: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 yggdrasil: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 yggdrasil: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 yggdrasil: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 image-builder: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 image-builder: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 image-builder: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 kiln: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 kiln: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 kiln: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47906 lw-cli: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 lw-cli: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 lw-cli: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 golang-github-hashicorp-hclog: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-hashicorp-hclog: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-hashicorp-hclog: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 golang-k8s-pod-security-admission: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-k8s-pod-security-admission: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-k8s-pod-security-admission: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 nwg-dock: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 nwg-dock: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 nwg-dock: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 golang-github-containernetworking-cni: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-containernetworking-cni: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-containernetworking-cni: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-47906 golang-github-hashicorp-sockaddr: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-hashicorp-sockaddr: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-hashicorp-sockaddr: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 elvish: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 elvish: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 elvish: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 transifex-client: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 transifex-client: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 transifex-client: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47906 golang-github-theupdateframework-notary: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-theupdateframework-notary: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-theupdateframework-notary: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-47906 nwg-bar: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 nwg-bar: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 nwg-bar: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-47906 golang-k8s-code-generator: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-k8s-code-generator: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-k8s-code-generator: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 golang-github-facebookincubator-contest: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-facebookincubator-contest: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-facebookincubator-contest: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-47906 reg: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 reg: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 reg: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47906 cheat: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cheat: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cheat: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47906 golang-github-haproxytech-dataplaneapi: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-haproxytech-dataplaneapi: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-haproxytech-dataplaneapi: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-47906 golang-github-dave-jennifer: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-dave-jennifer: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-dave-jennifer: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47906 smtprelay: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 smtprelay: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 smtprelay: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 godoctor: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 godoctor: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 godoctor: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 golang-github-kjk-lzmadec: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-kjk-lzmadec: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-kjk-lzmadec: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47906 golang-github-markbates-pkger: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-markbates-pkger: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-markbates-pkger: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47906 meshbird: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 meshbird: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 meshbird: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 golang-sigs-k8s-aws-iam-authenticator: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-sigs-k8s-aws-iam-authenticator: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-sigs-k8s-aws-iam-authenticator: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-47906 kata-containers: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 kata-containers: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 kata-containers: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close a
Bugzilla
CVE-2025-47906 qt5-qtwebengine: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 qt5-qtwebengine: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 qt5-qtwebengine: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close a
Bugzilla
CVE-2025-47906 kubernetes1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 kubernetes1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 kubernetes1.29: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47906 cri-o1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-o1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-o1.30: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 golang-github-hashicorp-msgpack: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-hashicorp-msgpack: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-hashicorp-msgpack: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-47906 golang-github-posener-complete-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-posener-complete-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-posener-complete-2: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 nebula: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 nebula: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 nebula: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47906 golang-gvisor: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-gvisor: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-gvisor: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 gphotosdl: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gphotosdl: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 gphotosdl: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47906 deepin-pw-check: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 deepin-pw-check: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 deepin-pw-check: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close a
Bugzilla
CVE-2025-47906 golang-github-googleapis-gnostic: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-googleapis-gnostic: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 golang-github-googleapis-gnostic: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47906 cri-tools1.32: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 cri-tools1.32: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 cri-tools1.32: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 matterbridge: Unexpected paths returned from LookPath in os/exec [fedora-42]
bugzilla·2025-09-26·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 matterbridge: Unexpected paths returned from LookPath in os/exec [fedora-42]
CVE-2025-47906 matterbridge: Unexpected paths returned from LookPath in os/exec [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-9]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-9]
CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
This package has changed maintainer in Fedora. Reassigning to the new maint
Bugzilla
CVE-2025-47906 caddy: Unexpected paths returned from LookPath in os/exec [epel-9]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 caddy: Unexpected paths returned from LookPath in os/exec [epel-9]
CVE-2025-47906 caddy: Unexpected paths returned from LookPath in os/exec [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-47906 caddy: Unexpected paths returned from LookPath in os/exec [epel-8]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 caddy: Unexpected paths returned from LookPath in os/exec [epel-8]
CVE-2025-47906 caddy: Unexpected paths returned from LookPath in os/exec [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-10]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-10]
CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-10]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-10]
CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
This package has changed maintainer in Fedora. Reassigning to the new main
Bugzilla
CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [epel-8]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [epel-8]
CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
The version of the Go compiler in RHEL 8 seems to be too old to have the fix for this issue, so there is nothing that can be done for syncthing.
Bugzilla
CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [epel-10]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [epel-10]
CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
FEDORA-EPEL-2026-5f723f26cd (gum-0.17.0-3.el10_3) has been submitted as an update to Fedora EPEL 10.
Bugzilla
CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-9]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-9]
CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [epel-10]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [epel-10]
CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
FEDORA-EPEL-2026-4deb1b7241 (glow-2.1.2-1.el10_3) has been submitted as an update to Fedora EPEL 10
Bugzilla
CVE-2025-47906 golang-x-exp: Unexpected paths returned from LookPath in os/exec [epel-9]
bugzilla·2025-09-25·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 golang-x-exp: Unexpected paths returned from LookPath in os/exec [epel-9]
CVE-2025-47906 golang-x-exp: Unexpected paths returned from LookPath in os/exec [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
Doesn't affect the package.
Bugzilla
CVE-2025-47906 os/exec: Unexpected paths returned from LookPath in os/exec
bugzilla·2025-09-18·CVSS 6.5
CVE-2025-47906 [MEDIUM] CVE-2025-47906 os/exec: Unexpected paths returned from LookPath in os/exec
CVE-2025-47906 os/exec: Unexpected paths returned from LookPath in os/exec
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Discussion:
This is fixed in Go versions 1.25.0:
https://github.com/golang/go/commit/ebee011a54f9310099d02a7e7731330539db16cf
... and 1.24.6:
https://github.com/golang/go/commit/0f5133b742bf61cda6c98b4cd1d313a330f13f32
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.4 Extended Update Support
Via RHSA-2025:21856 https://access.redhat.com/errata/RHSA-2025:21856
---
This issue has been addressed in the following products:
Red Hat Enterpris
2025-09-18
Published