Warning: Undefined array key "Description" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 220
Fedora 41 - FEDORA-2025-77ace1a41b critical: golang HTTP security fix
fedora
April 15, 2025
Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command
Summary
The Go Programming Language.
Update Information:
Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. Full changelog.
Topics Covered
Change Log
* Mon Apr 14 2025 Packit
References
[ 1 ] Bug #2279816 - TRIAGE CVE-2024-24788 golang: net: malformed DNS message can cause infinite loop [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279816
[ 2 ] Bug #2351948 - CVE-2025-22870 golang: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2351948
[ 3 ] Bug #2358578 - CVE-2025-22871 golang: Request smuggling due to acceptance of invalid chunked data in net/http [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2358578
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-77ace1a41b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: golang
Product: Fedora 41
Version: 1.23.8
Release: 1.fc41
URL: https://go.dev
Summary: The Go Programming Language
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!