ALSA-2026:19139

[ALSA-2026:19139] Important: go-fdo-client security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

go-fdo-client is the device-side implementation of FIDO Device Onboard specification in Go. It provides an FDO client that interacts with FDO manufacturer and owner servers to perform device on-boarding.  

Security Fix(es):  

  * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	go-fdo-client-1.0.0-3.el10_2.aarch64.rpm	0e286fc6e327114aa9ea5eb91bae8a539366730f7ce610d384a4581d758f8569
x86_64	go-fdo-client-1.0.0-3.el10_2.x86_64.rpm	d560a2e6b331eda4286e82d45bba304b719b7970b551a7392d8361fb2773da6d
x86_64_v2	go-fdo-client-1.0.0-3.el10_2.x86_64_v2.rpm	e3f991b9f7b5801995ef4a0b563eb0ad6c7e3700c4ad2513296a552088f65cf7

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.