Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Fedora 41: FEDORA-2025-333708f4ce critical: golang-x-perf memory issue

fedora
Calendar Grey June 15, 2025
Dist Fedora Esm H88
Important security patch for golang-x-perf resolving memory management flaws and vulnerabilities related to proxy evasion.
Security update

Summary

This package holds the source for various tools related to performance

measurement, storage, and analysis.

- cmd/benchstat contains a command-line tool that computes and 7

compares statistics about benchmarks.

- cmd/benchsave contains a command-line tool for publishing benchmark

results.

- storage contains the benchmark result

storage system.

- analysis contains the https://perf.golang.org/ benchmark result analysis

system.

Update Information:

Security update

Change Log

* Fri Mar 28 2025 Alejandro Sáez - 0-0.28 - Update to newer version, migrate to vendor-tools * Fri Jan 17 2025 Fedora Release Engineering - 0-0.26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Sep 2 2024 Miroslav Suchý - 0-0.25 - convert license to SPDX

References


[ 1 ] Bug #2348825 - CVE-2025-22868 golang-x-perf: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2348825 [ 2 ] Bug #2352286 - CVE-2025-22870 golang-x-perf: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2352286

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-333708f4ce' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: golang-x-perf
Product: Fedora 41
Version: 0
Release: 0.28.20250326git02a15fd.fc41
Summary: Performance measurement, storage, and analysis

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here