Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: crypto/x509: Incorrect enforcement of email constraints in crypto/x509 CVE-2026-27137 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...

OESA-2025-2863 golang security update

. Security Fixes: crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent th...

delve and golang security update

An update is available for golang, delve. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Go Programming Language. Security Fixes: golang: archive/tar:...

OESA-2025-2181 golang security update

. Security Fixes: The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VC...

OESA-2025-2180 golang security update

. Security Fixes: A vulnerability was found in Google Go up to 1.23.11/1.24.5 Programming Language Software. It has been declared as problematic.The manipulation of the argument PATH with an unknown input leads to a unknown weakness.As an impact it is known to affect integrity.Upgrading to versio...

golang security update

1.24.6-1 - Update to Go 1.24.6 fips-1 - Resolves: RHEL-106464...

OESA-2024-2505 golang security update

. Security Fixes: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.CVE-2024-34156...

OESA-2024-1771 golang security update

The Go Programming Language. Security Fixes: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading t...

SUSE-SU-2023:2845-1 Security update for go1.19

This update for go1.19 fixes the following issues: go was updated to version 1.19.11 bsc1200441: - CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http bsc1213229...

SUSE-SU-2023:0733-1 Security update for go1.19

This update for go1.19 fixes the following issues: - CVE-2022-41722: Fixed path traversal in filepath.Clean on Windows bsc1208269. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding bsc1208270. - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls bsc1208271. -...

SUSE-SU-2021:2186-1 Security update for go1.16

This update for go1.16 fixes the following issues: Update to 1.16.5. Includes these security fixes - CVE-2021-33195: net: Lookup functions may return invalid host names bsc1187443. - CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion bsc1186622. - CVE-2021-33197:...

SUSE-SU-2020:2776-1 Security update for go1.15

go1.15 released 2020-08-11 Go 1.15 is a major release of Go. go1.15.x minor releases will be provided through August 2021. https://github.com/golang/go/wiki/Go-Release-Cycle Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1...

OPENSUSE-SU-2020:1405-1 Security update for go1.14

This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs bsc1174977. - go1.14.6 released 2020-07-16 includes fixes to the go command, the compiler, the linker, vet,...