Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
89
security advisoryfedoraimportantFedora 43: gopass 1.16.0 Critical Security Patch 2025-abc123ef456
Update to 1.16.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-817b0dc707 2025-11-22 01:28:46.754169+00:00 -------------------------------------------------------------------------------- Name : gopass Product : Fedora 43 Version : 1.16.0 Release : 1.fc43 URL : https://github.com/gopasspw/gopass Summary : The slightly more awesome standard unix password manager for teams Description : The slightly more awesome standard unix password manager for teams. -------------------------------------------------------------------------------- Update Information: Update to 1.16.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2025 Fabio Alessandro Locati - 1.16.0-1 - Update to 1.16.0 * Fri Oct 10 2025 Alejandro Sez - 1.15.18-2 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2385032 - gopass: FTBFS in Fedora rawhide/f43 https://bugzilla.redhat.com/show_bug.cgi?id=2385032 [ 2 ] Bug #2407760 - CVE-2025-58189 gopass: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407760 [ 3 ] Bug #2408029 - CVE-2025-58189 gopass: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408029 [ 4 ] Bug #2408287 - CVE-2025-58189 gopass: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408287 [ 5 ] Bug #2409210 - CVE-2025-61723 gopass: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409210 [ 6 ] Bug #2409497 - CVE-2025-61723 gopass: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409497 [ 7 ] Bug #2409760 - CVE-2025-61723 gopass: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409760 [ 8 ] Bug #2410174 - CVE-2025-58185 gopass: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2410174 [ 9 ] Bug #2410448 - CVE-2025-58185 gopass: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410448 [ 10 ] Bug #2410710 - CVE-2025-58185 gopass: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410710 [ 11 ] Bug #2411088 - CVE-2025-58188 gopass: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411088 [ 12 ] Bug #2411347 - CVE-2025-58188 gopass: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411347 [ 13 ] Bug #2411606 - CVE-2025-58188 gopass: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411606 [ 14 ] Bug #2412555 - CVE-2025-58183 gopass: Unbounded allocation when parsing GNU sparse map [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2412555 [ 15 ] Bug #2412706 - CVE-2025-58183 gopass: Unbounded allocation when parsing GNU sparse map [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2412706 [ 16 ] Bug #2412788 - CVE-2025-58183 gopass: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412788 [ 17 ] Bug #2414901 - gopass-1.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2414901 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-817b0dc707' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update to gopass 1.16.0 on Fedora 43 addresses important security issues including memory exhaustion.. Fedora gopass update security vulnerabilities certificate. . Severity: Important. LinuxSecurity.com Team
Nov 22, 2025
•Important
Fedora
202
security advisorymoderatesoftware updateopenSUSE Tumbleweed: 2025:15013-1 moderate: gopass update
An update that solves one vulnerability can now be installed.. # gopass-1.15.16-1.1 on GA media Announcement ID: openSUSE-SU-2025:15013-1 Rating: moderate Cross-References: * CVE-2024-45337 CVSS scores: * CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the gopass-1.15.16-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * gopass 1.15.16-1.1 * gopass-bash-completion 1.15.16-1.1 * gopass-fish-completion 1.15.16-1.1 * gopass-impersonate-pass 1.15.16-1.1 * gopass-zsh-completion 1.15.16-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45337.html . The latest update for gopass in openSUSE Tumbleweed addresses a moderate security vulnerability, improving safeguards against prospective risks.. gopass update, openSUSE security, moderate threat, software vulnerabilities, secure software management. . Severity: Important. LinuxSecurity.com Team
Apr 23, 2025
•Important
OpenSUSE
89
security advisoryfedoraupdateFedora 35 Critical: Gopass Security Update for Golang CVEs Mitigation
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 --------------------------------------------------------------------------------Name : gopass Product : Fedora 35 Version : 1.13.1 Release : 3.fc35 URL : https://github.com/gopasspw/gopass Summary : The slightly more awesome standard unix password manager for teams Description : The slightly more awesome standard unix password manager for teams. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves:rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 --------------------------------------------------------------------------------ChangeLog: * Sat Jul 9 2022 Maxwell G 1.13.1-3 - Rebuild for CVE-2022-{24675,28327,29526} in golang --------------------------------------------------------------------------------References: [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 16, 2022
•Critical
Fedora
89
security advisorymoderateFedoraFedora 36 Advisory FEDORA-2022-08ae2dd481 Moderate: gopass Crash Fix
Rebuild for CVE-2022-27191 ---- Fix FTBFS Close: rhbz#2045471. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-08ae2dd481 2022-05-07 04:08:14.315797 --------------------------------------------------------------------------------Name : gopass Product : Fedora 36 Version : 1.13.1 Release : 2.fc36 URL : https://github.com/gopasspw/gopass Summary : The slightly more awesome standard unix password manager for teams Description : The slightly more awesome standard unix password manager for teams. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-27191 ---- Fix FTBFS Close: rhbz#2045471 --------------------------------------------------------------------------------ChangeLog: * Sat Apr 16 2022 Fabio Alessandro Locati 1.13.1-2 - Rebuilt for CVE-2022-27191 * Tue Mar 29 2022 Fabio Alessandro Locati 1.13.1-1 - First commit. Review #2053969 --------------------------------------------------------------------------------References: [ 1 ] Bug #2045471 - golang-github-appc-goaci: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2045471 [ 2 ] Bug #2074262 - CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2074262 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-08ae2dd481' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 07, 2022
Fedora
89
security advisoryFedorasecurity fixFedora 35: Critical gopass Crash Fix Released on 2022-3a63897745
Rebuild for CVE-2022-27191. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3a63897745 2022-04-28 05:50:06.248389 --------------------------------------------------------------------------------Name : gopass Product : Fedora 35 Version : 1.13.1 Release : 2.fc35 URL : https://github.com/gopasspw/gopass Summary : The slightly more awesome standard unix password manager for teams Description : The slightly more awesome standard unix password manager for teams. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-27191 --------------------------------------------------------------------------------ChangeLog: * Sat Apr 16 2022 Fabio Alessandro Locati 1.13.1-2 - Rebuilt for CVE-2022-27191 --------------------------------------------------------------------------------References: [ 1 ] Bug #2074262 - CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2074262 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3a63897745' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 28, 2022
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!