Security update for go1

This update for go1 fixes the following issues: Update to version 1.24.13 jscSLE-18320, bsc1236217. Security issues fixed: CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68119: cmd/go: unexpected code execution when...

AlmaLinux 9 : golang (ALSA-2026:2709)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2709 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

HTTP Request Smuggling

Overview std/cmd/cgo is a Go standard library package std/cmd/cgo Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. Remediation...

EUVD-2023-32975

Malicious code in bioql PyPI...

BIT-GOLANG-2025-22867

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executablepath, @loaderpath, or @rpath special values in a "cgo LDFLAGS" directive. This issue only affected go1.24rc2...

AZL-27140 CVE-2023-29404 affecting package golang for versions less than 1.20.7-1

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

AZL-37353 CVE-2023-29402 affecting package golang for versions less than 1.21.6-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

AZL-47225 CVE-2023-29402 affecting package golang for versions less than 1.22.7-2

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

AZL-37329 CVE-2023-29402 affecting package golang for versions less than 1.21.6-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...