RLSA-2025:7466

Опубликовано: 03 окт. 2025

Источник: rocky

Оценка: Moderate

Описание

Moderate: delve and golang security update

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out of your way as much as possible.

Security Fix(es):

golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341)
golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)
crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (CVE-2025-22866)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 10

Наименование	Архитектура	Релиз	RPM
delve	x86_64	1.el10_0	delve-1.24.1-1.el10_0.x86_64.rpm
golang	x86_64	1.el10_0	golang-1.23.7-1.el10_0.x86_64.rpm
golang-bin	x86_64	1.el10_0	golang-bin-1.23.7-1.el10_0.x86_64.rpm
golang-docs	noarch	1.el10_0	golang-docs-1.23.7-1.el10_0.noarch.rpm
golang-docs	noarch	1.el10_0	golang-docs-1.23.7-1.el10_0.noarch.rpm
golang-docs	noarch	1.el10_0	golang-docs-1.23.7-1.el10_0.noarch.rpm
golang-docs	noarch	1.el10_0	golang-docs-1.23.7-1.el10_0.noarch.rpm
golang-misc	noarch	1.el10_0	golang-misc-1.23.7-1.el10_0.noarch.rpm
golang-misc	noarch	1.el10_0	golang-misc-1.23.7-1.el10_0.noarch.rpm
golang-misc	noarch	1.el10_0	golang-misc-1.23.7-1.el10_0.noarch.rpm