Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 43: Important Memory Issue in golangci-lint ALPN Negotiation

fedora
Calendar Grey December 14, 2025
Dist Fedora Esm H88
Fedora 43 releases golangci-lint with critical fixes for Go CVEs affecting security and application performance.
Latest version This build with the latest golang should also fix all the Go CVEs, although I did verify how/if this package is affected by these CVEs.

Summary

Fast linters runner for Go.

Update Information:

Latest version This build with the latest golang should also fix all the Go CVEs, although I did verify how/if this package is affected by these CVEs.

Topics%20covered

Topics Covered

security advisory fedora important memory exhaustion alpn negotiation golangci-lint

Change Log

* Fri Dec 5 2025 Packit - 2.7.1-1 - Update to 2.7.1 upstream release - Resolves: rhbz#2407287 * Fri Oct 10 2025 Maxwell G - 2.5.0-4 - Rebuild for golang 1.25.2

References


[ 1 ] Bug #2407757 - CVE-2025-58189 golangci-lint: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407757 [ 2 ] Bug #2408026 - CVE-2025-58189 golangci-lint: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408026 [ 3 ] Bug #2408284 - CVE-2025-58189 golangci-lint: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408284 [ 4 ] Bug #2409207 - CVE-2025-61723 golangci-lint: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409207 [ 5 ] Bug #2409494 - CVE-2025-61723 golangci-lint: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-cc4c533b49' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: golangci-lint
Product: Fedora 43
Version: 2.7.1
Release: 1.fc43
URL: https://github.com/golangci/golangci-lint
Summary: Fast linters runner for Go

Topics%20covered

Topics Covered

security advisory fedora important memory exhaustion alpn negotiation golangci-lint

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here