285 matches found
ALSA-2025:10672 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score,...
ROS-20250703-02
A vulnerability in the Go programming language is related to improper syntax correctness checking of input. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ALSA-2025:9317 Moderate: delve security update
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...
ROS-20250619-04
Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
CVE-2022-41920
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
RLSA-2024:4237 Moderate: go-toolset security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses CVE-2024-2479...
go-toolset:rhel8 bug fix and enhancement update
An update is available for module.delve, go-toolset, golang, delve, module.go-toolset, module.golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...
SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients
Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an...
[SECURITY] Fedora 40 Update: golang-1.23.8-1.fc40
The Go Programming Language...
ROS-20250417-08
A vulnerability in the net/http package of the Go programming language is related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
[SECURITY] Fedora 41 Update: golang-1.23.8-1.fc41
The Go Programming Language...
Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to an authorization bypass (CVE-2024-45337).
Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to an authorization bypass CVE-2024-45337. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix required to resolve the...
Advisory ROSA-SA-2025-2830
Software: golang 1.19.13 OS: ROSA Virtualization 3.0 packageevrstring: golang-1.19.13-2.rv30 CVE-ID: CVE-2023-29402 BDU-ID: 2023-03201 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Cgo module of the Go programming language is related to incorrect code generation control when handling directory...
RHEL 9 : delve and golang (RHSA-2025:3773)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3773 advisory. The Go Programming Language. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structur...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive headers incorrectly sent after...
ROS-20250403-04
A vulnerability in the Go programming language is related to improper syntax correctness checking of input. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20250403-13
Vulnerability of net/http, x/net/proxy and x/net/http/httpproxy packages of Go programming language is related to incorrect mapping of hosts to proxy server templates. Exploitation of the vulnerability could allow an intruder to affect confidentiality and availability of protected information...
golang bug fix update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Bug Fixes:...