[ALSA-2026:22141] Moderate: go-fdo-client and go-fdo-server security update
Type:
security
Severity:
moderate
Release date:
2026-07-15
Description:
This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location. Security Fix(es): * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) * crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281) * golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282) * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 go-fdo-client-1.0.0-4.el10_2.aarch64.rpm 7f69b0fd8867a479bfed3095ff0ee56c19047d54952369998d92bfd3ac930d98
aarch64 go-fdo-server-1.0.1-2.el10_2.aarch64.rpm ad3e9572ee7941b17efda07f030f64b6c0bf9fee0afc36c878fb7d4c7d541333
noarch go-fdo-server-owner-1.0.1-2.el10_2.noarch.rpm 2f5a8bd1401f47c152f97edd4dcc2bcfe5b02e9edea564cd3f27e4152facb328
noarch go-fdo-server-rendezvous-1.0.1-2.el10_2.noarch.rpm 843e6a44fb5ab7ca974b5dc823978d86e2f4d3d2a91a9aef3292f97beafc75f3
noarch go-fdo-server-manufacturer-1.0.1-2.el10_2.noarch.rpm b1739b5cbc00a312407f39f5c8b72d26a9a88f099f93f00e1d68db826a024bb9
x86_64 go-fdo-server-1.0.1-2.el10_2.x86_64.rpm 73b78eef599d81f91dea670f7b606c5c9618ad7e7a3c80e6f1b14d3029d947f6
x86_64 go-fdo-client-1.0.0-4.el10_2.x86_64.rpm eb85f88e2245831b5126c14026a4723b60a5946ce769982315d1febf52203fe9
x86_64_v2 go-fdo-server-1.0.1-2.el10_2.x86_64_v2.rpm 50468070a7e546383a806a7379ad2eb10fe9d6522ac77fc7fab212c0f84eb842
x86_64_v2 go-fdo-client-1.0.0-4.el10_2.x86_64_v2.rpm 9790ddd81db302dfcb7d942ae00787c57992244b750580a4319184b35a60f681
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.