CVE-2025-58189
published 2025-10-29CVE-2025-58189: When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not…
PriorityP426medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.44%
35.4th percentile
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.19 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.24 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.25 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| go_standard_library | crypto_tls | < 1.24.8 | 1.24.8 |
| go_standard_library | crypto_tls | >= 1.25.0 < 1.25.2 | 1.25.2 |
| golang | go | < 1.24.8 | 1.24.8 |
| golang | go | >= 1.25.0 < 1.25.2 | 1.25.2 |
| msrc | azl3_gcc_13.2.0-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.23.12-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.3-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_gcc_11.2.0-8_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.18.8-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.22.7-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.9-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM
vendor_msrc7.5HIGH
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information
vendor_redhat·2025-10-29·CVSS 5.3
CVE-2025-58189 [MEDIUM] CWE-117 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information
crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprisin
Microsoft
ALPN negotiation error contains attacker controlled information in crypto/tls
vendor_msrc·2025-10-14·CVSS 7.5
CVE-2025-58189 [MEDIUM] ALPN negotiation error contains attacker controlled information in crypto/tls
ALPN negotiation error contains attacker controlled information in crypto/tls
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Debian
CVE-2025-58189: golang-1.15 - When Conn.Handshake fails during ALPN negotiation the error contains attacker co...
vendor_debian·2025·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189: golang-1.15 - When Conn.Handshake fails during ALPN negotiation the error contains attacker co...
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Scope: local
bullseye: open
GHSA
GHSA-cxq7-xw9v-rcv3: When Conn
ghsa_unreviewed·2025-10-30
CVE-2025-58189 [MEDIUM] CWE-532 GHSA-cxq7-xw9v-rcv3: When Conn
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
OSV
CVE-2025-58189: When Conn
osv·2025-10-29·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189: When Conn
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
OSV
ALPN negotiation error contains attacker controlled information in crypto/tls
osv·2025-10-29
CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls
ALPN negotiation error contains attacker controlled information in crypto/tls
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
bugzilla·2026-06-12·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
+++ This bug was initially created as a clone of Bug #2407525 +++
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2026-06-12·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
+++ This bug was initially created as a clone of Bug #2407525 +++
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58189 golang-x-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-x-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 golang-x-exp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-exp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-x-exp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-58189 netdata: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 netdata: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 netdata: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-58189 golang-github-hashicorp-msgpack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-hashicorp-msgpack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-hashicorp-msgpack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58189 golang-github-aws-lambda: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-aws-lambda: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-aws-lambda: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-58189 golang-google-appengine: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-google-appengine: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-google-appengine: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-6d67b00ef1 (glow-2.1.2-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-6d67b00ef1
Bugzilla
CVE-2025-58189 suseconnect-ng: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 suseconnect-ng: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 suseconnect-ng: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-9]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-9]
CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58189 golang-github-hexdigest-gowrap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-hexdigest-gowrap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-hexdigest-gowrap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-58189 golang-github-google-pprof: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-google-pprof: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-google-pprof: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-58189 smtprelay: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 smtprelay: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 smtprelay: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 gobuster: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 gobuster: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 gobuster: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 golang-github-pelletier-toml: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-pelletier-toml: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-pelletier-toml: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 anubis: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 anubis: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 anubis: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 butane: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 butane: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 butane: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 podman: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 podman: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 podman: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-8]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-8]
CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58189 golang-github-projectdiscovery-chaos-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-projectdiscovery-chaos-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-projectdiscovery-chaos-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora L
Bugzilla
CVE-2025-58189 golang-etcd-bbolt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-etcd-bbolt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-etcd-bbolt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58189 golang-github-path-network-mmproxy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-path-network-mmproxy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-path-network-mmproxy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 o
Bugzilla
CVE-2025-58189 helm: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 helm: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 helm: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-58189 transifex-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 transifex-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 transifex-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58189 docker-distribution: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 docker-distribution: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 docker-distribution: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
golang v1.25.8 or newer in Fedora
Bugzilla
CVE-2025-58189 golang-github-rootless-containers-rootlesskit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-rootless-containers-rootlesskit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-rootless-containers-rootlesskit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora
Bugzilla
CVE-2025-58189 golang-sigs-k8s-aws-iam-authenticator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-sigs-k8s-aws-iam-authenticator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-sigs-k8s-aws-iam-authenticator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 4
Bugzilla
CVE-2025-58189 golang-github-task: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-task: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-task: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58189 golang-github-chromedp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-chromedp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-chromedp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13
Bugzilla
CVE-2025-58189 cri-o: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-o: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-o: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-pact-foundation: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-pact-foundation: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-pact-foundation: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 golang-github-haproxytech-dataplaneapi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-haproxytech-dataplaneapi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-haproxytech-dataplaneapi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 golang-github-distribution-3: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-distribution-3: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-distribution-3: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 golang-ariga-atlas: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-ariga-atlas: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-ariga-atlas: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58189 image-builder: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 image-builder: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 image-builder: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 htmltest: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 htmltest: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 htmltest: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 golang-github-containerd-fuse-overlayfs-snapshotter: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-containerd-fuse-overlayfs-snapshotter: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-containerd-fuse-overlayfs-snapshotter: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for
Bugzilla
CVE-2025-58189 cri-o1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-o1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-o1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 cri-tools1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-tools1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-tools1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 golang-github-temoto-robotstxt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-temoto-robotstxt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-temoto-robotstxt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-58189 golang-github-eclipse-paho-mqtt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-eclipse-paho-mqtt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-eclipse-paho-mqtt: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58189 golang-github-cloudflare-redoctober: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-cloudflare-redoctober: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-cloudflare-redoctober: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42
Bugzilla
CVE-2025-58189 golang-x-mobile: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-mobile: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-x-mobile: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 forgejo: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 forgejo: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 forgejo: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-58189 mlpack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 mlpack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 mlpack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
I have literally no idea what the actual bug being reported here or what the intended action is. mlpack does have Go bindings but they have nothing to do with TLS.
---
This
Bugzilla
CVE-2025-58189 golang-github-uber-athenadriver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-uber-athenadriver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-uber-athenadriver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58189 reg: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 reg: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 reg: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-58189 golang-github-pgaskin-koboutils: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-pgaskin-koboutils: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-pgaskin-koboutils: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58189 golang-github-erkexzcx-valetudopng: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-erkexzcx-valetudopng: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-erkexzcx-valetudopng: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 o
Bugzilla
CVE-2025-58189 golang-github-vmware-govmomi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-vmware-govmomi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-vmware-govmomi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 gphotosdl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 gphotosdl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 gphotosdl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 golang-mongodb-mongo-driver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-mongodb-mongo-driver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-mongodb-mongo-driver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 golang-k8s-sample-controller: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-k8s-sample-controller: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-k8s-sample-controller: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 startdde: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 startdde: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 startdde: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 geoipupdate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 geoipupdate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 geoipupdate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58189 golang-x-text: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-text: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-x-text: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 cri-tools1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-tools1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-tools1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 golang-github-francoispqt-gojay: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-francoispqt-gojay: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-francoispqt-gojay: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58189 golang-k8s-code-generator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-k8s-code-generator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-k8s-code-generator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05
Bugzilla
CVE-2025-58189 golang-github-gobwas-ws: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-gobwas-ws: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-gobwas-ws: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-58189 golang-github-google-martian: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-google-martian: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-google-martian: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 golang-k8s-kube-aggregator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-k8s-kube-aggregator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-k8s-kube-aggregator: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-58189 trivy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 trivy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 trivy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-868e266938 (trivy-0.69.3-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-868e266938
---
FEDORA-2026-868
Bugzilla
CVE-2025-58189 kubernetes1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 kubernetes1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 kubernetes1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 cri-tools1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-tools1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-tools1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 chisel: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 chisel: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 chisel: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-instrumenta-kubeval: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-instrumenta-kubeval: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-instrumenta-kubeval: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-9d0e7df23a (glow-2.1.2-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-9d0e7df23a
Bugzilla
CVE-2025-58189 golang-github-envoyproxy-protoc-gen-validate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-envoyproxy-protoc-gen-validate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-envoyproxy-protoc-gen-validate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora
Bugzilla
CVE-2025-58189 golang-github-rakyll-statik: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-rakyll-statik: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-rakyll-statik: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 matterbridge: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 matterbridge: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 matterbridge: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-58189 golang-github-tenox7-wrp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-tenox7-wrp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-tenox7-wrp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-58189 golang-github-grpc-ecosystem-gateway: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-grpc-ecosystem-gateway: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-grpc-ecosystem-gateway: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42
Bugzilla
CVE-2025-58189 golang-github-facebookincubator-contest: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-facebookincubator-contest: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-facebookincubator-contest: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 ignition: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 ignition: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 ignition: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 yubihsm-connector: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 yubihsm-connector: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 yubihsm-connector: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58189 golang-github-emersion-smtp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-emersion-smtp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-emersion-smtp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 golang-github-rogpeppe-internal: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-rogpeppe-internal: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-rogpeppe-internal: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58189 osbuild-composer: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 osbuild-composer: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 osbuild-composer: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58189 golang-entgo-ent: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-entgo-ent: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-entgo-ent: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58189 golang-github-google-dap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-google-dap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-google-dap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-58189 etcd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 etcd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 etcd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-58189 deepin-daemon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 deepin-daemon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 deepin-daemon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 git-credential-oauth: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 git-credential-oauth: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 git-credential-oauth: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58189 golang-github-markbates-pkger: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-markbates-pkger: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-markbates-pkger: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 golang-github-jsonnet-bundler: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-jsonnet-bundler: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-jsonnet-bundler: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 golang-github-opencontainers-runtime-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-opencontainers-runtime-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-opencontainers-runtime-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Li
Bugzilla
CVE-2025-58189 golang-github-geertjohan-rice: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-geertjohan-rice: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-geertjohan-rice: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 golang-github-spyzhov-ajson: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-spyzhov-ajson: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-spyzhov-ajson: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 golang-github-facebookincubator-dhcplb: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-facebookincubator-dhcplb: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-facebookincubator-dhcplb: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 stargz-snapshotter: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 stargz-snapshotter: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 stargz-snapshotter: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58189 gmailctl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 gmailctl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 gmailctl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 deepin-pw-check: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 deepin-pw-check: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 deepin-pw-check: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 golang-github-moby-buildkit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-moby-buildkit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-moby-buildkit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 kappanhang: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 kappanhang: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 kappanhang: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58189 deepin-api: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 deepin-api: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 deepin-api: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-58189 golang-github-theoapp-theo-agent: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-theoapp-theo-agent: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-theoapp-theo-agent: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 golang-github-cpu-goacmedns: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-cpu-goacmedns: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-cpu-goacmedns: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 golang-github-grpc-ecosystem-gateway-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-grpc-ecosystem-gateway-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-grpc-ecosystem-gateway-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 golang-github-googleapis-gnostic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-googleapis-gnostic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-googleapis-gnostic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 kata-containers: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 kata-containers: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 kata-containers: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 miller: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 miller: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 miller: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 yggdrasil: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 yggdrasil: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 yggdrasil: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 golang-github-haproxytech-client-native: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-haproxytech-client-native: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-haproxytech-client-native: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 ollama: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 ollama: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 ollama: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-uber-mock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-uber-mock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-uber-mock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58189 golang-github-kyokomi-emoji: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-kyokomi-emoji: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-kyokomi-emoji: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 go-fdo-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 go-fdo-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 go-fdo-client: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 golang-github-tdewolff-minify: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-tdewolff-minify: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-tdewolff-minify: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 golang-github-hashicorp-serf: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-hashicorp-serf: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-hashicorp-serf: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 golang-oras: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-oras: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-oras: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58189 clash-meta: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 clash-meta: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 clash-meta: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58189 httpdump: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 httpdump: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 httpdump: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 golang-k8s-sample-apiserver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-k8s-sample-apiserver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-k8s-sample-apiserver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 git-credential-azure: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 git-credential-azure: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 git-credential-azure: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58189 golang-github-cockroachdb-pebble: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-cockroachdb-pebble: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-cockroachdb-pebble: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 shellz: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 shellz: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 shellz: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-rubenv-sql-migrate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-rubenv-sql-migrate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-rubenv-sql-migrate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 cri-o1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-o1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-o1.29: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 syncthing: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 syncthing: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 syncthing: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 nebula: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 nebula: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 nebula: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 grafana: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 grafana: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 grafana: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-58189 trayscale: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 trayscale: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 trayscale: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58189 aerc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 aerc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 aerc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-58189 golang-github-facebookincubator-go2chef: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-facebookincubator-go2chef: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-facebookincubator-go2chef: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 golang-github-acme-lego: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-acme-lego: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-acme-lego: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-58189 exercism: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 exercism: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 exercism: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 golang-k8s-kube-openapi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-k8s-kube-openapi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-k8s-kube-openapi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-58189 golang-github-letsencrypt-pebble: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-letsencrypt-pebble: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-letsencrypt-pebble: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 golang-github-zmap-zcertificate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-zmap-zcertificate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-zmap-zcertificate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58189 trustee-guest-components: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 trustee-guest-components: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 trustee-guest-components: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-58189 golang-github-mailru-easyjson: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-mailru-easyjson: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-mailru-easyjson: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 qt5-qtwebengine: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 qt5-qtwebengine: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 qt5-qtwebengine: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 toxcore: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 toxcore: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 toxcore: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-58189 golang-etcd-bbolt: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-etcd-bbolt: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
CVE-2025-58189 golang-etcd-bbolt: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-58189 grafana-pcp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 grafana-pcp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 grafana-pcp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58189 git-lfs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 git-lfs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 git-lfs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-58189 hut: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 hut: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 hut: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-58189 golang-github-pdfcpu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-pdfcpu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-pdfcpu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58189 golang-x-vuln: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-vuln: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-x-vuln: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 kubernetes1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 kubernetes1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 kubernetes1.30: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 golang-mvdan-xurls: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-mvdan-xurls: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-mvdan-xurls: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58189 golang-github-cloudflare: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-cloudflare: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-cloudflare: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-58189 golang-github-aliyun-cli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-aliyun-cli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-aliyun-cli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-58189 golang-github-cucumber-godog: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-cucumber-godog: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-cucumber-godog: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 golang-github-liamg-scout: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-liamg-scout: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-liamg-scout: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05
Bugzilla
CVE-2025-58189 golang-github-deepmap-oapi-codegen: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-deepmap-oapi-codegen: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-deepmap-oapi-codegen: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 o
Bugzilla
CVE-2025-58189 tinygo: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 tinygo: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 tinygo: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-nats-io-jwt-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-nats-io-jwt-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-nats-io-jwt-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 gvisor-tap-vsock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 gvisor-tap-vsock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 gvisor-tap-vsock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
Will be fixed (if impacted) by rebuilding the package with a fixed go version https://pkg.go.dev/vuln/GO-2025-4008
---
This message is a reminder that Fedora Linu
Bugzilla
CVE-2025-58189 golang-github-valyala-fasthttp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-valyala-fasthttp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-valyala-fasthttp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-58189 golang-k8s-pod-security-admission: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-k8s-pod-security-admission: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-k8s-pod-security-admission: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 golang-github-mock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-mock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-mock: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58189 cri-o1.31: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-o1.31: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-o1.31: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 hut: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 hut: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 hut: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-ed208f5337 (hut-0.8.0-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-ed208f5337
---
FEDORA-2026-32113d48
Bugzilla
CVE-2025-58189 dnscrypt-proxy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 dnscrypt-proxy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 dnscrypt-proxy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 gitjacker: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 gitjacker: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 gitjacker: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 cheat: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cheat: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cheat: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-bobesa-domain-util: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-bobesa-domain-util: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-bobesa-domain-util: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 gopls: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 gopls: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 gopls: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-apache-beam-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-apache-beam-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-apache-beam-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 direnv: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 direnv: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 direnv: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-nicksnyder-i18n-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-nicksnyder-i18n-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-nicksnyder-i18n-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58189 docker-distribution: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 docker-distribution: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 docker-distribution: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
golang v1.25.8 or newer in Fedora
Bugzilla
CVE-2025-58189 thrift: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 thrift: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 thrift: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 vhs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 vhs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 vhs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-795b0d0367 (vhs-0.9.0-2.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-795b0d0367
Bugzilla
CVE-2025-58189 reposurgeon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 reposurgeon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 reposurgeon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58189 asnmap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 asnmap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 asnmap: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-x-debug: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-debug: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-x-debug: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
FEDORA-EPEL-2026-4deb1b7241 (glow-2.1.2-1.el10_3) has been submitted as
Bugzilla
CVE-2025-58189 manifest-tool: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 manifest-tool: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 manifest-tool: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 tailscale: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 tailscale: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 tailscale: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58189 golang-gvisor: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-gvisor: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-gvisor: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 golang-github-git-5: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-git-5: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-git-5: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-58189 vhs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 vhs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 vhs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-7646f2a691 (vhs-0.10.0-4.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-7646f2a691
Bugzilla
CVE-2025-58189 golang-github-mholt-archiver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-mholt-archiver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-mholt-archiver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 kitty: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 kitty: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 kitty: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-theupdateframework-notary: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-theupdateframework-notary: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-theupdateframework-notary: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 golang-sr-emersion-gqlclient: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-sr-emersion-gqlclient: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-sr-emersion-gqlclient: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 apache-cloudstack-cloudmonkey: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 apache-cloudstack-cloudmonkey: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 apache-cloudstack-cloudmonkey: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 dnsx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 dnsx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 dnsx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-58189 nats-server: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 nats-server: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 nats-server: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58189 opentofu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 opentofu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 opentofu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 golang-x-mod: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-mod: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-x-mod: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-58189 golang-github-edoardottt-lit-bb-hack-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-edoardottt-lit-bb-hack-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-edoardottt-lit-bb-hack-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Li
Bugzilla
CVE-2025-58189 vultr: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 vultr: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 vultr: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 golang-github-intel-goresctrl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-intel-goresctrl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-intel-goresctrl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 golang-x-exp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-exp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
CVE-2025-58189 golang-x-exp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
Doesn't affect the package.
Bugzilla
CVE-2025-58189 OliveTin: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 OliveTin: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 OliveTin: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 golang-github-niklasfasching-org: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-niklasfasching-org: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-niklasfasching-org: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58189 grpc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 grpc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 grpc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-58189 whisper-cpp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 whisper-cpp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 whisper-cpp: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58189 golang-github-facebook-time: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-facebook-time: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-facebook-time: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 golang-github-schollz-cli-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-schollz-cli-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-schollz-cli-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-58189 cadvisor: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cadvisor: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cadvisor: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-58189 lw-cli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 lw-cli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 lw-cli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-9]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-9]
CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58189 golang-github-schollz-croc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-schollz-croc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-schollz-croc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-58189 cri-tools1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-tools1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-tools1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 golang-github-colinmarc-hdfs-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-colinmarc-hdfs-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-colinmarc-hdfs-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-58189 cri-tools1.31: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-tools1.31: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-tools1.31: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 yq: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 yq: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 yq: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-58189 golang-github-nats-io-streaming-server: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-nats-io-streaming-server: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-nats-io-streaming-server: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 syncthing: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-8]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 syncthing: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-8]
CVE-2025-58189 syncthing: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
The Go compiler version in RHEL 8 is too old to have a fix for this issue, so nothing can be done here for syncthing.
Bugzilla
CVE-2025-58189 golang-github-prometheus-prom2json: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-prometheus-prom2json: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-prometheus-prom2json: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 o
Bugzilla
CVE-2025-58189 golang-github-gocolly-colly-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-gocolly-colly-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-gocolly-colly-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 golang-github-hashicorp-hc-install: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-hashicorp-hc-install: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-hashicorp-hc-install: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 o
Bugzilla
CVE-2025-58189 golang-x-perf: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-x-perf: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-x-perf: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58189 golang-github-moby-swarmkit-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-moby-swarmkit-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-moby-swarmkit-2: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58189 cri-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 cri-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 cri-tools: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58189 snapd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 snapd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 snapd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58189 gron: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 gron: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 gron: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-58189 golang-k8s-apiextensions-apiserver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-k8s-apiextensions-apiserver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-k8s-apiextensions-apiserver: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 o
Bugzilla
CVE-2025-58189 golang-github-redteampentesting-monsoon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-redteampentesting-monsoon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-redteampentesting-monsoon: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58189 golang-github-shopify-sarama: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
bugzilla·2025-10-30·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 golang-github-shopify-sarama: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
CVE-2025-58189 golang-github-shopify-sarama: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-58189 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information
bugzilla·2025-10-29·CVSS 5.3
CVE-2025-58189 [MEDIUM] CVE-2025-58189 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information
CVE-2025-58189 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Discussion:
This package is NOT affected by CVE-2025-58189.
SUMMARY:
CVE-2025-58189 affects Go's crypto/tls package. The Fedora bpfman package is
built entirely from Rust code and does not contain or link against Go's
crypto/tls package.
The bpfman.spec file clearly shows this is a Rust package:
1. Generated by rust2rpm (Fedora's Rust packaging tool)
2. BuildRequires: cargo-rpm-macros (not golang build tools)
3. Build uses Cargo (Rust's build system):
- %cargo_prep, %cargo_build, %cargo_test
- Sources include Rust vend
Wiz
CVE-2026-25793 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-25793 [HIGH] CVE-2026-25793 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25793 :
Nebula vulnerability analysis and mitigation
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3.
Source : NVD
## 7.6
Score
Published February 6, 2026
Severity HIGH
CNA Score 7.6
Affected Technologies
Nebula
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
2025-10-29
Published