- Issued:
- 2025-08-18
- Updated:
- 2025-08-18
RHSA-2025:13940 - Security Advisory
Synopsis
Important: go-toolset:rhel8 security update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
- cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2384329 - CVE-2025-4674 cmd/go: Go VCS Command Execution Vulnerability
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm | SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04 |
| go-toolset-1.24.6-1.module+el8.10.0+23407+428597c7.src.rpm | SHA-256: 836f2edfc87255292f8ac881a831f57c04e99874f1317cddb76e4922fd21a3ce |
| golang-1.24.6-1.module+el8.10.0+23407+428597c7.src.rpm | SHA-256: ab50d56c18801172ea68b8fc430ec369f4e511b41cd229f00cea3893c469ba0e |
| x86_64 | |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm | SHA-256: 5882a0cfa7eb18396621d8783f062a506ae6977d9a5a29e9c05ae7e5fd93dc8a |
| delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm | SHA-256: 0eebebbed117c0b0e191bb086b8785f0ff982d89717733d2a711bcf66a0f7176 |
| delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm | SHA-256: fc3f176322bdd65942d986bb5da347e89c7392164ea225ef522905e9452d37a2 |
| go-toolset-1.24.6-1.module+el8.10.0+23407+428597c7.x86_64.rpm | SHA-256: de54fc19a917c4b10b7d9a9a80ccf0926c21c65ce7b41787c11daa65b3b1acaa |
| golang-1.24.6-1.module+el8.10.0+23407+428597c7.x86_64.rpm | SHA-256: 696c373028cf7ff33744d9865c5b9b6da0cf5dba61bbe9d46bc25b50692f0a90 |
| golang-bin-1.24.6-1.module+el8.10.0+23407+428597c7.x86_64.rpm | SHA-256: fe1769ca161c10fe62688240b7c42477b4eb11531320ad77074f334e47b998b1 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| go-toolset-1.24.6-1.module+el8.10.0+23407+428597c7.src.rpm | SHA-256: 836f2edfc87255292f8ac881a831f57c04e99874f1317cddb76e4922fd21a3ce |
| golang-1.24.6-1.module+el8.10.0+23407+428597c7.src.rpm | SHA-256: ab50d56c18801172ea68b8fc430ec369f4e511b41cd229f00cea3893c469ba0e |
| s390x | |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| go-toolset-1.24.6-1.module+el8.10.0+23407+428597c7.s390x.rpm | SHA-256: f72881e50dedb1e1b685905ecc9f496865f009b4c902fcc32b0fc15c1d0a2d81 |
| golang-1.24.6-1.module+el8.10.0+23407+428597c7.s390x.rpm | SHA-256: 30f8f9ab28fdc790dc6c5ad00cf5317eed65aaf52ee4442c56837084f23fc1c2 |
| golang-bin-1.24.6-1.module+el8.10.0+23407+428597c7.s390x.rpm | SHA-256: 782c3398f09b8e7d7d8d0cbcb37e063e0da8ae655ba4f32f798f30c18e6d2ac6 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm | SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04 |
| go-toolset-1.24.6-1.module+el8.10.0+23407+428597c7.src.rpm | SHA-256: 836f2edfc87255292f8ac881a831f57c04e99874f1317cddb76e4922fd21a3ce |
| golang-1.24.6-1.module+el8.10.0+23407+428597c7.src.rpm | SHA-256: ab50d56c18801172ea68b8fc430ec369f4e511b41cd229f00cea3893c469ba0e |
| ppc64le | |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm | SHA-256: 65c9cfbedd22a0a4c00e0cbc2b3674e259c5233937e7292f72b009b4eb882e4b |
| delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm | SHA-256: 7259c25a4280b9d2d914697a4692e59a40de21cf74d3ef63af7351724098094b |
| delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm | SHA-256: f7e2adc3bf71a3a4b2d1183a746307db9d3884b4915f8dfbb9a30a3ebbedb5eb |
| go-toolset-1.24.6-1.module+el8.10.0+23407+428597c7.ppc64le.rpm | SHA-256: 3b12f2c7550ca1c10df109301d949ff7f8d503edb4aff8727be02800623584f0 |
| golang-1.24.6-1.module+el8.10.0+23407+428597c7.ppc64le.rpm | SHA-256: 1026c831ddb6f0c69ba9276cf1ef6c1db9c0ddfe12c1d08716ef3ac35a3d7951 |
| golang-bin-1.24.6-1.module+el8.10.0+23407+428597c7.ppc64le.rpm | SHA-256: 90381f781c392d16ea533186d8317a6968ec9523b212aa1e35b80f34fb43eae2 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm | SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04 |
| go-toolset-1.24.6-1.module+el8.10.0+23407+428597c7.src.rpm | SHA-256: 836f2edfc87255292f8ac881a831f57c04e99874f1317cddb76e4922fd21a3ce |
| golang-1.24.6-1.module+el8.10.0+23407+428597c7.src.rpm | SHA-256: ab50d56c18801172ea68b8fc430ec369f4e511b41cd229f00cea3893c469ba0e |
| aarch64 | |
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm | SHA-256: 99335542a8129ded4ecd8a2f6f23c70cd5503468c58dd461bdf47ae1e55ab086 |
| delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm | SHA-256: 0403dc76b309407f7f05c32f0cff54ef34607fcb2eb46e65b6f379428202f07f |
| delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm | SHA-256: 45f6715a8c2e817b385a5c7a94bd75580307a73fdc47cb8a935926250ca91fd3 |
| go-toolset-1.24.6-1.module+el8.10.0+23407+428597c7.aarch64.rpm | SHA-256: 811a477cf72e61274f74f39aa49031721aa7f496101155cb120e2fc003f013cc |
| golang-1.24.6-1.module+el8.10.0+23407+428597c7.aarch64.rpm | SHA-256: 4323f9c2de2a1677758ca57e48e0314b452c3ab9498e9791df45df295daec367 |
| golang-bin-1.24.6-1.module+el8.10.0+23407+428597c7.aarch64.rpm | SHA-256: 206542787cb5e8c9d85ddb95682cd95cc82776931cc1ded32dfd8f04861f7990 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
| golang-docs-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 1284b11f2b8f7bedc8aeebf950eb2acd20d3671bbedd1a19329afd886e35ce5a |
| golang-misc-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: f64281d7378e2d576119704c3524d83b68655d1cc7a58ca7d32deae532948bb4 |
| golang-src-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 5a6b5c4cc43309fe020027a7edbef2edd05a77a5b99e6623a6bd1fc91d1f60b7 |
| golang-tests-1.24.6-1.module+el8.10.0+23407+428597c7.noarch.rpm | SHA-256: 24fdf41f500f8fec59297b3424137d51644b60aa56abb8e32161191a46125c42 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
