Описание
ELSA-2025-21816: delve and golang security update (MODERATE)
delve [1.25.2-1.0.1]
- Disable DWARF compression which has issues (Alex Burmashev)
[1.25.2-1]
- Update Delve to 1.25.2
[1.24.1-3]
- Update CI support
golang [1.25.3-1]
- Update to Go 1.25.3
[1.25.1-1]
- Update to Go1.25.1 -Resolves: RHEL-116849
[1.25.0-5]
- Disable race for risv64
[1.25.0-4]
- Revert DWARF5 defaults
[1.25.0-3]
- Update CI support
[1.25.0-2]
- rpminspect.yaml: Add preprofile binary as it contains debugging symbols
[1.25.0-1]
- Update to Go 1.25.0
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
delve
1.25.2-1.0.1.el10_1
go-toolset
1.25.3-1.el10_1
golang
1.25.3-1.el10_1
golang-bin
1.25.3-1.el10_1
golang-docs
1.25.3-1.el10_1
golang-misc
1.25.3-1.el10_1
golang-race
1.25.3-1.el10_1
golang-src
1.25.3-1.el10_1
golang-tests
1.25.3-1.el10_1
Oracle Linux x86_64
delve
1.25.2-1.0.1.el10_1
go-toolset
1.25.3-1.el10_1
golang
1.25.3-1.el10_1
golang-bin
1.25.3-1.el10_1
golang-docs
1.25.3-1.el10_1
golang-misc
1.25.3-1.el10_1
golang-race
1.25.3-1.el10_1
golang-src
1.25.3-1.el10_1
golang-tests
1.25.3-1.el10_1
Связанные CVE
Связанные уязвимости
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Unbounded allocation when parsing GNU sparse map in archive/tar
tar.Reader does not set a maximum size on the number of sparse region ...
