- Issued:
- 2025-06-04
- Updated:
- 2025-06-04
RHSA-2025:8478 - Security Advisory
Synopsis
Moderate: go-toolset:rhel8 security update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
- net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2358493 - CVE-2025-22871 net/http: Request smuggling due to acceptance of invalid chunked data in net/http
- RHEL-94636 - Update to Go 1.23.9 [rhel-8.10]
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm | SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04 |
| go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm | SHA-256: 797bca6423c4abfbc6fe880e9bbe3534a8c7b10f11234d6c3d616d59d4937a11 |
| golang-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm | SHA-256: a85c1212cf7f8025bc2ce1be3812a2cdff792182819c073c63809e5c5a4b06e5 |
| x86_64 | |
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm | SHA-256: 5882a0cfa7eb18396621d8783f062a506ae6977d9a5a29e9c05ae7e5fd93dc8a |
| delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm | SHA-256: 0eebebbed117c0b0e191bb086b8785f0ff982d89717733d2a711bcf66a0f7176 |
| delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64.rpm | SHA-256: fc3f176322bdd65942d986bb5da347e89c7392164ea225ef522905e9452d37a2 |
| go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64.rpm | SHA-256: fa02c9f6506a1704b8d8951791da5118ce97f0df2540571ddce66c0f38255f2b |
| golang-1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64.rpm | SHA-256: 198f8ffd500ee4525787048eb9df947c92c7895caf6251400a505369230fa7fc |
| golang-bin-1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64.rpm | SHA-256: a7125ea8b32fd352e3f94f2a427be98c3550f05fcbd0ca28b42586037fd93c8a |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm | SHA-256: 797bca6423c4abfbc6fe880e9bbe3534a8c7b10f11234d6c3d616d59d4937a11 |
| golang-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm | SHA-256: a85c1212cf7f8025bc2ce1be3812a2cdff792182819c073c63809e5c5a4b06e5 |
| s390x | |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.s390x.rpm | SHA-256: 40e126ba11e1d81b8913b9456464a7aba1f1e6e061958c09afbee114a6ac1276 |
| golang-1.23.9-1.module+el8.10.0+23162+9223a61a.s390x.rpm | SHA-256: aa24866641c76d3dfd1c2a53998127d34f427dfe1668fb77c141da9453b6127c |
| golang-bin-1.23.9-1.module+el8.10.0+23162+9223a61a.s390x.rpm | SHA-256: f383645a5bcf93a6c1e53e31623f15dc5bccb8b4382fcf286d16d62dc60bd430 |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm | SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04 |
| go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm | SHA-256: 797bca6423c4abfbc6fe880e9bbe3534a8c7b10f11234d6c3d616d59d4937a11 |
| golang-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm | SHA-256: a85c1212cf7f8025bc2ce1be3812a2cdff792182819c073c63809e5c5a4b06e5 |
| ppc64le | |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm | SHA-256: 65c9cfbedd22a0a4c00e0cbc2b3674e259c5233937e7292f72b009b4eb882e4b |
| delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm | SHA-256: 7259c25a4280b9d2d914697a4692e59a40de21cf74d3ef63af7351724098094b |
| delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le.rpm | SHA-256: f7e2adc3bf71a3a4b2d1183a746307db9d3884b4915f8dfbb9a30a3ebbedb5eb |
| go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le.rpm | SHA-256: 55a206766939cf20caf9f31ddf427176b8c125413c544c9ca66dbce6359067ee |
| golang-1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le.rpm | SHA-256: 94702a838807e81cb3827d6ecd25187c8129a7fe7fdb66485bf75dde0839194a |
| golang-bin-1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le.rpm | SHA-256: 3e270bcc3f6dde280b3bed02f0d608d300d18571b423fd8445053ba2f59f7def |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.src.rpm | SHA-256: f2cc1f7ce0ff833db04bb5b97d495bebb38525cf034f0ac7d5abbffd3468bd04 |
| go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm | SHA-256: 797bca6423c4abfbc6fe880e9bbe3534a8c7b10f11234d6c3d616d59d4937a11 |
| golang-1.23.9-1.module+el8.10.0+23162+9223a61a.src.rpm | SHA-256: a85c1212cf7f8025bc2ce1be3812a2cdff792182819c073c63809e5c5a4b06e5 |
| aarch64 | |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| delve-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm | SHA-256: 99335542a8129ded4ecd8a2f6f23c70cd5503468c58dd461bdf47ae1e55ab086 |
| delve-debuginfo-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm | SHA-256: 0403dc76b309407f7f05c32f0cff54ef34607fcb2eb46e65b6f379428202f07f |
| delve-debugsource-1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64.rpm | SHA-256: 45f6715a8c2e817b385a5c7a94bd75580307a73fdc47cb8a935926250ca91fd3 |
| go-toolset-1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64.rpm | SHA-256: a04ebff26d4591949633d4190ef9d124e3bcba6725df6b80acff4e062da459e3 |
| golang-1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64.rpm | SHA-256: 39b2f8afd1c07d4f0a43165299e08542cdf2618b13a11f1de99c8b3e51d3f224 |
| golang-bin-1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64.rpm | SHA-256: efc5272599e95c6a2fea54c008fc29de3996d6f7635441d0bab34352b691be1b |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
| golang-docs-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 1fec77a364f13344b621503e3aca5982e5989bd71af707b2f1844e3746b4950f |
| golang-misc-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 3d98827005c7431697640a8d56685dd273e85920b304615c47bfc032e68d1a37 |
| golang-src-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 346e10b45d1249e2121072ed7e80db558a7cb2b3d9b96b430a23e49de91836fa |
| golang-tests-1.23.9-1.module+el8.10.0+23162+9223a61a.noarch.rpm | SHA-256: 46818e6d3d62ca1a6c5abb114aa07b7cd7b2c896f6878821fd746cc6565bdd9e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
