ELSA-2025-21815

Опубликовано: 25 нояб. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-21815: delve and golang security update (MODERATE)

delve [1.25.2-1.0.1]

Disable DWARF compression which has issues (Alex Burmashev)

[1.25.2-1]

Update to Delve 1.25.2
Resolves: RHEL-111801

golang [1.25.3-1]

Update to Go 1.25.3
Resolves: RHEL-121220

[1.25.1-1]

Update to Go 1.25.1
Resolves: RHEL-116850

[1.25.0-2]

Revert DWARF5 defaults
Add elf5 to rpminspect.yaml
Related: RHEL-109557

[1.25.0-1]

Update to Go 1.25.0
Set GOAMD64 to v2 to align with new architecture baselines
Modify the modify_go.env.patch to reflect GOAMD64 baseline version change to v2
Resolves: RHEL-109557

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

delve

1.25.2-1.0.1.el9_7

go-toolset

1.25.3-1.el9_7

golang

1.25.3-1.el9_7

golang-bin

1.25.3-1.el9_7

golang-docs

1.25.3-1.el9_7

golang-misc

1.25.3-1.el9_7

golang-race

1.25.3-1.el9_7

golang-src

1.25.3-1.el9_7

golang-tests

1.25.3-1.el9_7

Oracle Linux x86_64

delve

1.25.2-1.0.1.el9_7

go-toolset

1.25.3-1.el9_7

golang

1.25.3-1.el9_7

golang-bin

1.25.3-1.el9_7

golang-docs

1.25.3-1.el9_7

golang-misc

1.25.3-1.el9_7

golang-race

1.25.3-1.el9_7

golang-src

1.25.3-1.el9_7

golang-tests

1.25.3-1.el9_7

Связанные CVE

CVE-2025-58183

Ссылки на источники

Связанные уязвимости

CVE-2025-58183

CVSS3: 4.3

ubuntu

около 1 месяца назад

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.