Red Hat Product Errata RHSA-2026:22141 - Security Advisory Issued: 2026-06-01 Updated: 2026-06-01 RHSA-2026:22141 - Security Advisory Overview Updated Packages Synopsis Moderate: go-fdo-client and go-fdo-server security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for multiple packages is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location. Security Fix(es): crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281) golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282) crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Fixes BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption BZ - 2456333 - CVE-2026-32281 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root BZ - 2456339 - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVEs CVE-2025-68121 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM go-fdo-client-1.0.0-4.el10_2.src.rpm SHA-256: ec90b78a8c7c912303df6b5647329ed8f802a35e5dc46c1e3c0d4bc74a427a7b go-fdo-server-1.0.1-2.el10_2.src.rpm SHA-256: 2a953c3ce2fe9b808c5ea06fa63ef4768797acf0b9c5a5d49a62a0034adc6028 x86_64 go-fdo-client-1.0.0-4.el10_2.x86_64.rpm SHA-256: 0860018966ab84c197e48433d0a470e0fa85d0aefdc0b659b71f16b5876d14ab go-fdo-client-debuginfo-1.0.0-4.el10_2.x86_64.rpm SHA-256: 51a73e62d3bc903cada7314c7d4880eec2116e0798553c0bea45e1e6066c1f07 go-fdo-client-debugsource-1.0.0-4.el10_2.x86_64.rpm SHA-256: a375bcf5f9bbdfa25a1bfbbe52533902d0eaa9cf0cb90146ebc0e7cda974c810 go-fdo-server-1.0.1-2.el10_2.x86_64.rpm SHA-256: 758fe97a77b95c45da35848bfb169b9bc077df9cfe6d3f18acff1f88740fdfc7 go-fdo-server-debuginfo-1.0.1-2.el10_2.x86_64.rpm SHA-256: 27d6c45dd1f32ee90b6710abd2c67dbc2ac926f6dede976c550a4355f6cf71cf go-fdo-server-debugsource-1.0.1-2.el10_2.x86_64.rpm SHA-256: 5b5d104b6860a88a0eba45d785fba3a682b0fc0170a9e0c1ac1f288af50c2dde go-fdo-server-manufacturer-1.0.1-2.el10_2.noarch.rpm SHA-256: 55a48a2ec4e94b6e8dd7ae9b15de82fa8a56611b863d0ff83844d8c0a0dc4822 go-fdo-server-owner-1.0.1-2.el10_2.noarch.rpm SHA-256: fe68f5f07ab0c2388f8e5e304998d65b48581df21ae6ead2b266edf4ad7834b6 go-fdo-server-rendezvous-1.0.1-2.el10_2.noarch.rpm SHA-256: 4c943c756f8a8c73fe0779fa58c4962b4fcc60e761a77b580dd7e9f06ad1570c Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM go-fdo-client-1.0.0-4.el10_2.src.rpm SHA-256: ec90b78a8c7c912303df6b5647329ed8f802a35e5dc46c1e3c0d4bc74a427a7b go-fdo-server-1.0.1-2.el10_2.src.rpm SHA-256: 2a953c3ce2fe9b808c5ea06fa63ef4768797acf0b9c5a5d49a62a0034adc6028 x86_64 go-fdo-client-1.0.0-4.el10_2.x86_64.rpm SHA-256: 0860018966ab84c197e48433d0a470e0fa85d0aefdc0b659b71f16b5876d14ab go-fdo-client-debuginfo-1.0.0-4.el10_2.x86_64.rpm SHA-256: 51a73e62d3bc903cada7314c7d4880eec2116e0798553c0bea45e1e6066c1f07 go-fdo-client-debugsource-1.0.0-4.el10_2.x86_64.rpm SHA-256: a375bcf5f9bbdfa25a1bfbbe52533902d0eaa9cf0cb90146ebc0e7cda974c810 go-fdo-server-1.0.1-2.el10_2.x86_64.rpm SHA-256: 758fe97a77b95c45da35848bfb169b9bc077df9cfe6d3f18acff1f88740fdfc7 go-fdo-server-debuginfo-1.0.1-2.el10_2.x86_64.rpm SHA-256: 27d6c45dd1f32ee90b6710abd2c67dbc2ac926f6dede976c550a4355f6cf71cf go-fdo-server-debugsource-1.0.1-2.el10_2.x86_64.rpm SHA-256: 5b5d104b6860a88a0eba45d785fba3a682b0fc0170a9e0c1ac1f288af50c2dde go-fdo-server-manufacturer-1.0.1-2.el10_2.noarch.rpm SHA-256: 55a48a2ec4e94b6e8dd7ae9b15de82fa8a56611b863d0ff83844d8c0a0dc4822 go-fdo-server-owner-1.0.1-2.el10_2.noarch.rpm SHA-256: fe68f5f07ab0c2388f8e5e304998d65b48581df21ae6ead2b266edf4ad7834b6 go-fdo-server-rendezvous-1.0.1-2.el10_2.noarch.rpm SHA-256: 4c943c756f8a8c73fe0779fa58c4962b4fcc60e761a77b580dd7e9f06ad1570c Red Hat Enterprise Linux for ARM 64 10 SRPM go-fdo-client-1.0.0-4.el10_2.src.rpm SHA-256: ec90b78a8c7c912303df6b5647329ed8f802a35e5dc46c1e3c0d4bc74a427a7b go-fdo-server-1.0.1-2.el10_2.src.rpm SHA-256: 2a953c3ce2fe9b808c5ea06fa63ef4768797acf0b9c5a5d49a62a0034adc6028 aarch64 go-fdo-client-1.0.0-4.el10_2.aarch64.rpm SHA-256: b46a184504f17b696b9b90fc5312906405650fcbcac483f8e967da2869a2d88c go-fdo-client-debuginfo-1.0.0-4.el10_2.aarch64.rpm SHA-256: 7d21b1ec5b97fd4257362b284b2e724f5379eae4e9000e40c5f5461b9e35d4e5 go-fdo-client-debugsource-1.0.0-4.el10_2.aarch64.rpm SHA-256: 8b4af28f21157b93dda85664196fb6249fc2d84559b956c2494cf4c89bec6272 go-fdo-server-1.0.1-2.el10_2.aarch64.rpm SHA-256: 18ffcfb781ca9ce2280eacd65e19deb7c68cf12ccc5e2ad8512e7c3114ec0c48 go-fdo-server-debuginfo-1.0.1-2.el10_2.aarch64.rpm SHA-256: e810c008ec8feae444bab1929e49742b1cf934d7c3aebe7f2676f839e51b6acd go-fdo-server-debugsource-1.0.1-2.el10_2.aarch64.rpm SHA-256: 4efa30fdafa911c048c91644fac031c57b6bce589e6856aaf4f8e7058be6c7a5 go-fdo-server-manufacturer-1.0.1-2.el10_2.noarch.rpm SHA-256: 55a48a2ec4e94b6e8dd7ae9b15de82fa8a56611b863d0ff83844d8c0a0dc4822 go-fdo-server-owner-1.0.1-2.el10_2.noarch.rpm SHA-256: fe68f5f07ab0c2388f8e5e304998d65b48581df21ae6ead2b266edf4ad7834b6 go-fdo-server-rendezvous-1.0.1-2.el10_2.noarch.rpm SHA-256: 4c943c756f8a8c73fe0779fa58c4962b4fcc60e761a77b580dd7e9f06ad1570c Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 SRPM go-fdo-client-1.0.0-4.el10_2.src.rpm SHA-256: ec90b78a8c7c912303df6b5647329ed8f802a35e5dc46c1e3c0d4bc74a427a7b go-fdo-server-1.0.1-2.el10_2.src.rpm SHA-256: 2a953c3ce2fe9b808c5ea06fa63ef4768797acf0b9c5a5d49a62a0034adc6028 aarch64 go-fdo-client-1.0.0-4.el10_2.aarch64.rpm SHA-256: b46a184504f17b696b9b90fc5312906405650fcbcac483f8e967da2869a2d88c go-fdo-client-debuginfo-1.0.0-4.el10_2.aarch64.rpm SHA-256: 7d21b1ec5b97fd4257362b284b2e724f5379eae4e9000e40c5f5461b9e35d4e5 go-fdo-client-debugsource-1.0.0-4.el10_2.aarch64.rpm SHA-256: 8b4af28f21157b93dda85664196fb6249fc2d84559b956c2494cf4c89bec6272 go-fdo-server-1.0.1-2.el10_2.aarch64.rpm SHA-256: 18ffcfb781ca9ce2280eacd65e19deb7c68cf12ccc5e2ad8512e7c3114ec0c48 go-fdo-server-debuginfo-1.0.1-2.el10_2.aarch64.rpm SHA-256: e810c008ec8feae444bab1929e49742b1cf934d7c3aebe7f2676f839e51b6acd go-fdo-server-debugsource-1.0.1-2.el10_2.aarch64.rpm SHA-256: 4efa30fdafa911c048c91644fac031c57b6bce589e6856aaf4f8e7058be6c7a5 go-fdo-server-manufacturer-1.0.1-2.el10_2.noarch.rpm SHA-256: 55a48a2ec4e94b6e8dd7ae9b15de82fa8a56611b863d0ff83844d8c0a0dc4822 go-fdo-server-owner-1.0.1-2.el10_2.noarch.rpm SHA-256: fe68f5f07ab0c2388f8e5e304998d65b48581df21ae6ead2b266edf4ad7834b6 go-fdo-server-rendezvous-1.0.1-2.el10_2.noarch.rpm SHA-256: 4c943c756f8a8c73fe0779fa58c4962b4fcc60e761a77b580dd7e9f06ad1570c Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 SRPM go-fdo-client-1.0.0-4.el10_2.src.rpm SHA-256: ec90b78a8c7c912303df6b5647329ed8f802a35e5dc46c1e3c0d4bc74a427a7b go-fdo-server-1.0.1-2.el10_2.src.rpm SHA-256: 2a953c3ce2fe9b808c5ea06fa63ef4768797acf0b9c5a5d49a62a0034adc6028 aarch64 go-fdo-client-1.0.0-4.el10_2.aarch64.rpm SHA-256: b46a184504f17b696b9b90fc5312906405650fcbcac483f8e967da2869a2d88c go-fdo-client-debuginfo-1.0.0-4.el10_2.aarch64.rpm SHA-256: 7d21b1ec5b97fd4257362b284b2e724f5379eae4e9000e40c5f5461b9e35d4e5 go-fdo-client-debugsource-1.0.0-4.el10_2.aarch64.rpm SHA-256: 8b4af28f21157b93dda85664196fb6249fc2d84559b956c2494cf4c89bec6272 go-fdo-server-1.0.1-2.el10_2.aarch64.rpm SHA-256: 18ffcfb781ca9ce2280eacd65e19deb7c68cf12ccc5e2ad8512e7c3114ec0c48 go-fdo-server-debuginfo-1.0.1-2.el10_2.aarch64.rpm SHA-256: e810c008ec8feae444bab1929e49742b1cf934d7c3aebe7f2676f839e51b6acd go-fdo-server-debugsource-1.0.1-2.el10_2.aarch64.rpm SHA-256: 4efa30fdafa911c048c91644fac031c57b6bce589e6856aaf4f8e7058be6c7a5 go-fdo-server-manufacturer-1.0.1-2.el10_2.noarch.rpm SHA-256: 55a48a2ec4e94b6e8dd7ae9b15de82fa8a56611b863d0ff83844d8c0a0dc4822 go-fdo-server-owner-1.0.1-2.el10_2.noarch.rpm SHA-256: fe68f5f07ab0c2388f8e5e304998d65b48581df21ae6ead2b266edf4ad7834b6 go-fdo-server-rendezvous-1.0.1-2.el10_2.noarch.rpm SHA-256: 4c943c756f8a8