18 matches found

OSV
added 2026/05/09 12:33 p.m. | 4 views

OESA-2026-2247 golang security update

Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. CVE-2026-27140 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a...

9.8 CVSS | 6.4 AI score | 0.00022 EPSS
Exploits 0 | References 5

OSV
added 2026/03/20 2:26 p.m. | 3 views

OESA-2026-1698 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10 CVSS | 7.8 AI score | 0.00045 EPSS
Exploits 2 | References 7

Tenable Nessus
added 2026/03/13 12:0 a.m. | 1 view

TencentOS Server 3: go-toolset:rhel8 (TSSA-2026:0170)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0170 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

10 CVSS | 6 AI score | 0.00045 EPSS
Exploits 2 | References 5

Tenable Nessus
added 2026/03/04 12:0 a.m. | 4 views

RHEL 9 : golang (RHSA-2026:3472)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3472 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Excessive CPU consumption when buildi...

8.6 CVSS | 6.1 AI score | 0.00045 EPSS
Exploits 1 | References 8

OSV
added 2026/03/03 3:51 p.m. | 2 views

SUSE-SU-2026:0789-1 Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Update to version 1.24.13 (jsc#SLE-18320, bsc#1236217). Security issues fixed: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68119: cmd/go: unexpected code...

10 CVSS | 6.4 AI score | 0.00018 EPSS
Exploits 1 | References 8

RedHat Linux
added 2026/03/02 1:35 a.m. | 4 views

Important: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.6 CVSS | 7.2 AI score | 0.00045 EPSS
Exploits 1 | References 4

Tenable Nessus
added 2026/03/02 12:0 a.m. | 2 views

RHEL 8 : go-toolset:rhel8 (RHSA-2026:3489)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3489 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zi...

8.6 CVSS | 6.1 AI score | 0.00045 EPSS
Exploits 1 | References 8

OSV
added 2026/02/17 9:5 a.m. | 4 views

RLSA-2026:2709 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 cmd/cgo: Potential cod...

7.5 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits 2 | References 5

Rockylinux
added 2026/02/17 9:3 a.m. | 4 views

go-toolset:rhel8 security update

An update is available for module.delve, golang, delve, module.golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming...

10 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 2

OSV
added 2026/02/16 12:0 a.m. | 2 views

ALSA-2026:2706 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 cmd/cgo: Potential cod...

10 CVSS | 7.9 AI score | 0.00045 EPSS
Exploits 2 | References 10

Tenable Nessus
added 2026/02/16 12:0 a.m. | 6 views

RHEL 8 : go-toolset:rhel8 (RHSA-2026:2708)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2708 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zi...

10 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 2 | References 10

OSV
added 2026/02/16 12:0 a.m. | 2 views

ALSA-2026:2709 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 cmd/cgo: Potential cod...

10 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits 2 | References 10

AlmaLinux
added 2026/02/16 12:0 a.m. | 5 views

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query parameter parsing in net/u...

10 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits 2 | References 10

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-22164

Malicious code in bioql PyPI...

6.4 CVSS | 7 AI score | 0.03204 EPSS
Exploits 1 | References 6

Veracode
added 2024/05/09 6:7 a.m. | 27 views

Arbitrary Code Execution

github.com/golang/go is vulnerable to Arbitrary Code Execution. The vulnerability is caused by building a Go module which contains Cgo code due to usage of the -lto_library flag in a cgo LDFLAGS directive. Note that this vulnerability is only exploitable on Darwin systems...

6.4 CVSS | 7 AI score | 0.03204 EPSS
Exploits 1 | References 8 | Affected Software 1

Tenable Nessus
added 2023/08/11 12:0 a.m. | 27 views

Fedora 37 : golang (2023-1819dc9854)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1819dc9854 advisory. This update includes a security fix to the crypto/tls package, as well as bug fixes to the assembler and the compiler. ---- This update includes a...

9.8 CVSS | 7.1 AI score | 0.00329 EPSS
Exploits 0 | References 5

OSV
added 2023/06/08 9:15 p.m. | 4 views

AZL-27122 CVE-2023-29402 affecting package msft-golang for versions less than 1.19.10-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

9.8 CVSS | 6.7 AI score | 0.00125 EPSS
Exploits 0 | References 1

FreeBSD
added 2023/04/27 12:0 a.m. | 64 views

go -- multiple vulnerabilities

The Go project reports: crypto/tls: restrict RSA keys in certificates to <= 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192...

9.8 CVSS | 7.1 AI score | 0.00344 EPSS
Exploits 0 | References 4