go toolchain News Articles
Recent news articles refferecing the vendors vulnerabilities.
Fedora DiscussionCVE-2025-4674Go 1.24.5 and CVE-2025-4674 - Fedora Discussion
Go 1.24.5 was officially released by the upstream two days ago. One of the changes in this version is a resolving of a security vulnerability CVE-2025-4674 that allows “unexpected command execution in untrusted VCS repositories”. When the golang package for Fedora 42 will be updated? Currently I do...
Seclists.orgCVE-2025-4674oss-sec: Go 1.24.5 & 1.23.11 fix CVE-2025-4674
oss-sec mailing list archives From: Alan Coopersmith <alan.coopersmith () oracle com> Date: Tue, 8 Jul 2025 14:33:12 -0700 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 announces: Hello...
VulDBCVE-2025-4674CVE-2025-4674 Google Go cmd-go privilege escalation
A vulnerability, which was classified as problematic, has been found in Google Go up to 1.23.10/1.24.4. This vulnerability is handled as CVE-2025-4674. It is recommended to upgrade the affected component.
Linux SecuritySUSE: 2024:1587-1 moderate: go1.22 Security Advisory Updates | LinuxSecurity.com
SUSE: 2024:1587-1 moderate: go1.22 Security Advisory Updates - # Security update for go1.22 Announcement ID: SUSE-SU-2024:1587-1 Rating: moderate References: * bsc
CybersecurityNewsGolang Vulnerability Alert: Remote Code Execution & Infinite Loop DNS Lookup
The Go team has released patches for two significant vulnerabilities that could allow attackers to execute arbitrary code and cause service disruptions through infinite loops.