Important: go-toolset:rhel8 security update

Important: golang security update

Important: golang security update

ELSA-2026-6949: go-toolset:ol8 security update (IMPORTANT)

ELSA-2026-5942: golang security update (IMPORTANT)

ELSA-2026-5941: golang security update (IMPORTANT)

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.

Building a malicious file with cmd/go can cause can cause a write to a ...

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Incorrect parsing of IPv6 host literals in net/url

url.Parse insufficiently validated the host/authority component and ac ...

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.

Уязвимость языка программирования Golang, связанная с недостаточным контролем ресурса в период его существования, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость etcd

Уязвимость golang

Important: osbuild-composer security update