Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:22668

Опубликовано: 04 дек. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906)

  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

Связанные CVE

CVE-2025-47906
CVE-2025-58183

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2025-22668

oracle-oval
4 месяца назад

ELSA-2025-22668: go-toolset:ol8 security update (MODERATE)

ubuntu логотип

CVE-2025-47906

CVSS3: 6.5
ubuntu
6 месяцев назад

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

redhat логотип

CVE-2025-47906

CVSS3: 6.5
redhat
6 месяцев назад

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

nvd логотип

CVE-2025-47906

CVSS3: 6.5
nvd
6 месяцев назад

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

msrc логотип

CVE-2025-47906

CVSS3: 8.8
msrc
7 месяцев назад

Unexpected paths returned from LookPath in os/exec