Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: delve Critical Memory Exhaustion Fixes FEDORA-2025-6d4139dafe

fedora
Calendar Grey January 1, 2026
Dist Fedora Esm H88
Delve 1.26.0 on Fedora 42 brings critical security fixes and supports Go 1.26, ensuring a safer programming environment.
Support for Go 1.26 and security fixes

Summary

Delve is a debugger for the Go programming language. The goal of the project

is to provide a simple, full featured debugging tool for Go. Delve should be

easy to invoke and easy to use. Chances are if you're using a debugger, things

aren't going your way. With that in mind, Delve should stay out of your way as

much as possible.

Update Information:

Support for Go 1.26 and security fixes. Upstream release notes.

Topics%20covered

Topics Covered

security advisory security issue fedora critical memory exhaustion delve

Change Log

* Fri Dec 19 2025 Packit - 1.26.0-1 - Update to 1.26.0 upstream release * Fri Oct 10 2025 Alejandro Sez - 1.25.2-2 - rebuild * Wed Aug 27 2025 Packit - 1.25.2-1 - Update to 1.25.2 upstream release - Resolves: rhbz#2391351 * Fri Aug 15 2025 Maxwell G - 1.25.1-5 - Rebuild for golang-1.25.0 * Fri Aug 15 2025 Maxwell G - 1.25.1-4 - Revert "Rebuild for golang-1.25.0" * Fri Aug 15 2025 Maxwell G - 1.25.1-3 - Rebuild for golang-1.25.0 * Wed Jul 23 2025 Fedora Release Engineering - 1.25.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2399350 - CVE-2025-47906 delve: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399350 [ 2 ] Bug #2407876 - CVE-2025-58189 delve: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2407876 [ 3 ] Bug #2408153 - CVE-2025-58189 delve: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408153 [ 4 ] Bug #2409344 - CVE-2025-61723 delve: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409344 [ 5 ] Bug #2409623 - CVE-2025-61723 delve: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409623 [ 6 ] Bug #2410295 - CVE-2025-58185 delve: Parsing DER payload ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6d4139dafe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: delve
Product: Fedora 42
Version: 1.26.0
Release: 1.fc42
URL: https://github.com/go-delve/delve
Summary: A debugger for the Go programming language

Topics%20covered

Topics Covered

security advisory security issue fedora critical memory exhaustion delve

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here