Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

Ubuntu 24.10: USN-7574-1 important: golang-1.22 information disclosure

ubuntu
Calendar Grey June 19, 2025
Dist Ubuntu Esm H88
Numerous security flaws addressed in Go for Ubuntu platforms, confronting critical threats and requiring urgent patches.
Several security issues were fixed in Go.

Summary

Several security issues were fixed in Go.

Software Description:

- golang-1.22: Go programming language compiler

Details:

Kyle Seely discovered that the Go net/http module did not properly handle

sensitive headers during repeated redirects. An attacker could possibly

use this issue to obtain sensitive information. (CVE-2024-45336)

Juho Forsén discovered that the Go crypto/x509 module incorrectly handled

IPv6 addresses during URI parsing. An attacker could possibly use this

issue to bypass certificate URI constraints. (CVE-2024-45341)

It was discovered that the Go crypto module did not properly handle

variable time instructions under certain circumstances on 64-bit Power

(ppc64el) systems. An attacker could possibly use this issue to expose

sensitive information. (CVE-2025-22866)

It was discovered that the Go http/httpproxy module did not properly

handle IPv6 zone IDs during hostname matching. An attacker could possibly

use this issue to cause a denial of service. (CVE-2025-22...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  golang-1.22                     1.22.8-1ubuntu0.1
  golang-1.22-go                  1.22.8-1ubuntu0.1
  golang-1.22-src                 1.22.8-1ubuntu0.1

Ubuntu 24.04 LTS
  golang-1.22                     1.22.2-2ubuntu0.4
  golang-1.22-go                  1.22.2-2ubuntu0.4
  golang-1.22-src                 1.22.2-2ubuntu0.4

Ubuntu 22.04 LTS
  golang-1.22                     1.22.2-2~22.04.3
  golang-1.22-go                  1.22.2-2~22.04.3
  golang-1.22-src                 1.22.2-2~22.04.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7574-1

CVE-2024-45336, CVE-2024-45341, CVE-2025-22866, CVE-2025-22870,

CVE-2025-4673

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7574-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here