Описание
ELSA-2026-5942: golang security update (IMPORTANT)
[1.25.8-2]
- Update to Go 1.25.8 (fips-1)
- Resolves: RHEL-157451
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
go-toolset
1.25.8-1.el9_7
golang
1.25.8-1.el9_7
golang-bin
1.25.8-1.el9_7
golang-docs
1.25.8-1.el9_7
golang-misc
1.25.8-1.el9_7
golang-race
1.25.8-1.el9_7
golang-src
1.25.8-1.el9_7
golang-tests
1.25.8-1.el9_7
Oracle Linux x86_64
go-toolset
1.25.8-1.el9_7
golang
1.25.8-1.el9_7
golang-bin
1.25.8-1.el9_7
golang-docs
1.25.8-1.el9_7
golang-misc
1.25.8-1.el9_7
golang-race
1.25.8-1.el9_7
golang-src
1.25.8-1.el9_7
golang-tests
1.25.8-1.el9_7
Связанные CVE
Связанные уязвимости
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
Building a malicious file with cmd/go can cause can cause a write to a ...