-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-f974cb8ce5 2025-04-23 01:59:45.656499+00:00 --------------------------------------------------------------------------------
Name : golang Product : Fedora 40 Version : 1.23.8 Release : 1.fc40 URL : https://go.dev Summary : The Go Programming Language Description : The Go Programming Language.
-------------------------------------------------------------------------------- Update Information:
Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. Full changelog. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 14 2025 Packit hello@packit.dev - 1.23.8-1 - Update to 1.23.8 upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2279816 - TRIAGE CVE-2024-24788 golang: net: malformed DNS message can cause infinite loop [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279816 [ 2 ] Bug #2351948 - CVE-2025-22870 golang: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2351948 [ 3 ] Bug #2358578 - CVE-2025-22871 golang: Request smuggling due to acceptance of invalid chunked data in net/http [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2358578 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f974cb8ce5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------