Red Hat Product Errata RHSA-2025:23741 - Security Advisory
Issued:
2025-12-22
Updated:
2025-12-22

RHSA-2025:23741 - Security Advisory

Synopsis

Moderate: go-toolset:rhel8 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906)
  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes

  • BZ - 2396546 - CVE-2025-47906 os/exec: Unexpected paths returned from LookPath in os/exec
  • BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb.src.rpm SHA-256: 82330956b947a41b6641b4a58b476507d2aadb0fb314fb775c2a12bb8786733d
go-toolset-1.15.14-3.module+el8.4.0+22765+91da4d3f.src.rpm SHA-256: 60c380bd18f2ebad31ca78dcf75724e54134583a8b8d46d6d0867d167b39a70d
golang-1.15.14-17.module+el8.4.0+23814+8f618eb7.src.rpm SHA-256: ca0657a0b844d97526605a48a470e359d4134f4d000c0b02e98d8e20aba72938
x86_64
delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm SHA-256: ea15304bd24355b219103aaf4c774ca82ec47b9def5f4bd2c38b125ad914fe8a
delve-debuginfo-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm SHA-256: 94e586cbd77e5cc8b98fda58a90d5ff365ddab1d155dd5f4e0ad4eac90e7ce1f
delve-debugsource-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm SHA-256: f654ab129b47aa437f717237ffc37c66a4716d81ac8575066939c76811eb0c6b
go-toolset-1.15.14-3.module+el8.4.0+22765+91da4d3f.x86_64.rpm SHA-256: 1ce3686ed1e446ef30b0d7ff75718b2098a04f1703f84d00086359ed90bb348e
golang-1.15.14-17.module+el8.4.0+23814+8f618eb7.x86_64.rpm SHA-256: ba67ffa7ed0f1c1e434d23f304768ee1a07e46f7f1d73b98b6793cc136a9709a
golang-bin-1.15.14-17.module+el8.4.0+23814+8f618eb7.x86_64.rpm SHA-256: e86bdc9d77ec6dab76ca4ab496a40136ce4fe999af3581b5305c2937bdde4f08
golang-docs-1.15.14-17.module+el8.4.0+23814+8f618eb7.noarch.rpm SHA-256: 05220c9a5266bd42234d1a52c9a63f4764b179503f8002e92ef95ece98fdab8d
golang-misc-1.15.14-17.module+el8.4.0+23814+8f618eb7.noarch.rpm SHA-256: 1d799bad93eb20b4b2797648bf057f02eaced753d217cbfddc0b4d0cd973f784
golang-race-1.15.14-17.module+el8.4.0+23814+8f618eb7.x86_64.rpm SHA-256: ab9c10206f24fe92bbb930eea5e8a8f2eba8f008ddcd21454e94faf931d47eeb
golang-src-1.15.14-17.module+el8.4.0+23814+8f618eb7.noarch.rpm SHA-256: c2262b93e8582b22765002ee21adb8c47794db0af667fe4eaff4ff2defc4f9ff
golang-tests-1.15.14-17.module+el8.4.0+23814+8f618eb7.noarch.rpm SHA-256: 84b267548c9da3b0bafb540d380e4af2b5157f66a6e8d72147eb656b743717d6

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb.src.rpm SHA-256: 82330956b947a41b6641b4a58b476507d2aadb0fb314fb775c2a12bb8786733d
go-toolset-1.15.14-3.module+el8.4.0+22765+91da4d3f.src.rpm SHA-256: 60c380bd18f2ebad31ca78dcf75724e54134583a8b8d46d6d0867d167b39a70d
golang-1.15.14-17.module+el8.4.0+23814+8f618eb7.src.rpm SHA-256: ca0657a0b844d97526605a48a470e359d4134f4d000c0b02e98d8e20aba72938
x86_64
delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm SHA-256: ea15304bd24355b219103aaf4c774ca82ec47b9def5f4bd2c38b125ad914fe8a
delve-debuginfo-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm SHA-256: 94e586cbd77e5cc8b98fda58a90d5ff365ddab1d155dd5f4e0ad4eac90e7ce1f
delve-debugsource-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm SHA-256: f654ab129b47aa437f717237ffc37c66a4716d81ac8575066939c76811eb0c6b
go-toolset-1.15.14-3.module+el8.4.0+22765+91da4d3f.x86_64.rpm SHA-256: 1ce3686ed1e446ef30b0d7ff75718b2098a04f1703f84d00086359ed90bb348e
golang-1.15.14-17.module+el8.4.0+23814+8f618eb7.x86_64.rpm SHA-256: ba67ffa7ed0f1c1e434d23f304768ee1a07e46f7f1d73b98b6793cc136a9709a
golang-bin-1.15.14-17.module+el8.4.0+23814+8f618eb7.x86_64.rpm SHA-256: e86bdc9d77ec6dab76ca4ab496a40136ce4fe999af3581b5305c2937bdde4f08
golang-docs-1.15.14-17.module+el8.4.0+23814+8f618eb7.noarch.rpm SHA-256: 05220c9a5266bd42234d1a52c9a63f4764b179503f8002e92ef95ece98fdab8d
golang-misc-1.15.14-17.module+el8.4.0+23814+8f618eb7.noarch.rpm SHA-256: 1d799bad93eb20b4b2797648bf057f02eaced753d217cbfddc0b4d0cd973f784
golang-race-1.15.14-17.module+el8.4.0+23814+8f618eb7.x86_64.rpm SHA-256: ab9c10206f24fe92bbb930eea5e8a8f2eba8f008ddcd21454e94faf931d47eeb
golang-src-1.15.14-17.module+el8.4.0+23814+8f618eb7.noarch.rpm SHA-256: c2262b93e8582b22765002ee21adb8c47794db0af667fe4eaff4ff2defc4f9ff
golang-tests-1.15.14-17.module+el8.4.0+23814+8f618eb7.noarch.rpm SHA-256: 84b267548c9da3b0bafb540d380e4af2b5157f66a6e8d72147eb656b743717d6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.