9 matches found
CLSA-2026-1772573053 butane: Fix of CVE-2025-61729
rebuilt with golang = 1.25.7-1.tuxcare.els1 to address the following security issues: - CVE-2025-61729...
golang security update
1.25.7-1 - Rebase to latest rhel-10-main 170a5b7e084...
AZL-78937 CVE-2025-61732 affecting package golang 1.25.7-1
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
AZL-78933 CVE-2025-61730 affecting package golang 1.25.7-1
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...
AZL-78911 CVE-2025-58186 affecting package golang 1.25.7-1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
AZL-78982 CVE-2025-22871 affecting package golang 1.25.7-1
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
AZL-79020 CVE-2024-24788 affecting package golang 1.25.7-1
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop...
AZL-78984 CVE-2023-39323 affecting package golang 1.25.7-1
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
AZL-79082 CVE-2023-24540 affecting package golang 1.25.7-1
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...