Issued:: 2025-06-04
Updated:: 2025-06-04

RHSA-2025:8478 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: go-toolset:rhel8 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2358493 - CVE-2025-22871 net/http: Request smuggling due to acceptance of invalid chunked data in net/http
RHEL-94636 - Update to Go 1.23.9 [rhel-8.10]

CVEs

CVE-2025-22871

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm	SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04
go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm	SHA-256: 797bca6423c4abfbc6fe880e9bbe3534a8c7b10f11234d6c3d616d59d4937a11
golang-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm	SHA-256: a85c1212cf7f8025bc2ce1be3812a2cdff792182819c073c63809e5c5a4b06e5
x86_64
delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm	SHA-256: 5882a0cfa7eb18396621d8783f062a506ae6977d9a5a29e9c05ae7e5fd93dc8a
delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm	SHA-256: 0eebebbed117c0b0e191bb086b8785f0ff982d89717733d2a711bcf66a0f7176
delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm	SHA-256: fc3f176322bdd65942d986bb5da347e89c7392164ea225ef522905e9452d37a2
go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64.rpm	SHA-256: fa02c9f6506a1704b8d8951791da5118ce97f0df2540571ddce66c0f38255f2b
golang-1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64.rpm	SHA-256: 198f8ffd500ee4525787048eb9df947c92c7895caf6251400a505369230fa7fc
golang-bin-1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64.rpm	SHA-256: a7125ea8b32fd352e3f94f2a427be98c3550f05fcbd0ca28b42586037fd93c8a
golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f
golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37
golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa
golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm	SHA-256: 797bca6423c4abfbc6fe880e9bbe3534a8c7b10f11234d6c3d616d59d4937a11
golang-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm	SHA-256: a85c1212cf7f8025bc2ce1be3812a2cdff792182819c073c63809e5c5a4b06e5
s390x
golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f
golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37
golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa
golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e
go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.s390x.rpm	SHA-256: 40e126ba11e1d81b8913b9456464a7aba1f1e6e061958c09afbee114a6ac1276
golang-1.23.9-1.module+el8.10.0+23162+9223a61a.s390x.rpm	SHA-256: aa24866641c76d3dfd1c2a53998127d34f427dfe1668fb77c141da9453b6127c
golang-bin-1.23.9-1.module+el8.10.0+23162+9223a61a.s390x.rpm	SHA-256: f383645a5bcf93a6c1e53e31623f15dc5bccb8b4382fcf286d16d62dc60bd430

Red Hat Enterprise Linux for Power, little endian 8

SRPM
delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm	SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04
go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm	SHA-256: 797bca6423c4abfbc6fe880e9bbe3534a8c7b10f11234d6c3d616d59d4937a11
golang-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm	SHA-256: a85c1212cf7f8025bc2ce1be3812a2cdff792182819c073c63809e5c5a4b06e5
ppc64le
golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f
golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37
golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa
golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e
delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm	SHA-256: 65c9cfbedd22a0a4c00e0cbc2b3674e259c5233937e7292f72b009b4eb882e4b
delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm	SHA-256: 7259c25a4280b9d2d914697a4692e59a40de21cf74d3ef63af7351724098094b
delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm	SHA-256: f7e2adc3bf71a3a4b2d1183a746307db9d3884b4915f8dfbb9a30a3ebbedb5eb
go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le.rpm	SHA-256: 55a206766939cf20caf9f31ddf427176b8c125413c544c9ca66dbce6359067ee
golang-1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le.rpm	SHA-256: 94702a838807e81cb3827d6ecd25187c8129a7fe7fdb66485bf75dde0839194a
golang-bin-1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le.rpm	SHA-256: 3e270bcc3f6dde280b3bed02f0d608d300d18571b423fd8445053ba2f59f7def

Red Hat Enterprise Linux for ARM 64 8

SRPM
delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm	SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04
go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm	SHA-256: 797bca6423c4abfbc6fe880e9bbe3534a8c7b10f11234d6c3d616d59d4937a11
golang-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm	SHA-256: a85c1212cf7f8025bc2ce1be3812a2cdff792182819c073c63809e5c5a4b06e5
aarch64
golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f
golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37
golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa
golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm	SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e
delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm	SHA-256: 99335542a8129ded4ecd8a2f6f23c70cd5503468c58dd461bdf47ae1e55ab086
delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm	SHA-256: 0403dc76b309407f7f05c32f0cff54ef34607fcb2eb46e65b6f379428202f07f
delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm	SHA-256: 45f6715a8c2e817b385a5c7a94bd75580307a73fdc47cb8a935926250ca91fd3
go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64.rpm	SHA-256: a04ebff26d4591949633d4190ef9d124e3bcba6725df6b80acff4e062da459e3
golang-1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64.rpm	SHA-256: 39b2f8afd1c07d4f0a43165299e08542cdf2618b13a11f1de99c8b3e51d3f224
golang-bin-1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64.rpm	SHA-256: efc5272599e95c6a2fea54c008fc29de3996d6f7635441d0bab34352b691be1b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation