Issued:: 2025-12-22
Updated:: 2025-12-22

RHSA-2025:23740 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: go-toolset:rhel8 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906)
golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2396546 - CVE-2025-47906 os/exec: Unexpected paths returned from LookPath in os/exec
BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
delve-1.3.2-3.module+el8.2.0+5581+896cb53e.src.rpm	SHA-256: 61998a0b9b9cb0240fbd0ea9048c1c8be5cce3848ba7e057fdacd351398b4957
go-toolset-1.13.15-1.module+el8.2.0+7662+fa98b974.src.rpm	SHA-256: 91ee586b3443d0d786f4b894c45c18c0f287d0447c9e0a3a2b64a69292564179
golang-1.13.15-12.module+el8.2.0+23813+4482ebdd.src.rpm	SHA-256: 5da42a391c73d0a35f2e257122cb947dcbad5aefb53ed5fc132054f84f97fc42
x86_64
delve-1.3.2-3.module+el8.2.0+5581+896cb53e.x86_64.rpm	SHA-256: b0709ae53731835043e0eab5157240aaefb2536ff3fb020501e6b0f688890279
delve-debuginfo-1.3.2-3.module+el8.2.0+5581+896cb53e.x86_64.rpm	SHA-256: 51e2818ff6ed3b0513f1f1e1c99eaa89608445b0250274c6c2b5556f9a73a699
delve-debugsource-1.3.2-3.module+el8.2.0+5581+896cb53e.x86_64.rpm	SHA-256: e948d3a2dd0f5154872b401e74629365fa6a482f13ef103578a13078a2136bff
go-toolset-1.13.15-1.module+el8.2.0+7662+fa98b974.x86_64.rpm	SHA-256: 008476b28d4c5cf1683b9206940852d669a53be1022ac61f8dcfb1dc00b2af3f
golang-1.13.15-12.module+el8.2.0+23813+4482ebdd.x86_64.rpm	SHA-256: c809562465f0229628478dd9faa25023dfad5ed72b5e657df9535d9f047cbbc3
golang-bin-1.13.15-12.module+el8.2.0+23813+4482ebdd.x86_64.rpm	SHA-256: 91b96068578454d82b21c9cc1485f5f111c05bb699ed34900d431322d48b54a9
golang-docs-1.13.15-12.module+el8.2.0+23813+4482ebdd.noarch.rpm	SHA-256: 50b2cb4c05c1115d29d6267aba650a3caa313f011a6ac879cbc45339d731ad61
golang-misc-1.13.15-12.module+el8.2.0+23813+4482ebdd.noarch.rpm	SHA-256: 3aa0279189acc5aaa58147a5efe9b8e7640f3dc4bb02a836c75a37bb2afe3766
golang-race-1.13.15-12.module+el8.2.0+23813+4482ebdd.x86_64.rpm	SHA-256: a212e9030ccc4573cf204c3797bec2f1723aaddfdff8a2696ff90030339eeb3f
golang-src-1.13.15-12.module+el8.2.0+23813+4482ebdd.noarch.rpm	SHA-256: 7e43b6d97561791b22bffb3af3efbb66f9fef246f5dac1dd6baceb8d4ffb39c3
golang-tests-1.13.15-12.module+el8.2.0+23813+4482ebdd.noarch.rpm	SHA-256: 770c87aac0c30db82bddf7f251d1055cc738bacf4722be3161a9b384e8eff0be

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation