AlmaLinux has recently issued two significant security updates for its go-toolset and delve/golang packages, aimed at addressing vulnerabilities in the Go programming language. The updates are categorized as follows:
1. ALSA-2025:3772: This update pertains to the go-toolset, classified as a moderate severity security update. It was released on April 10, 2025, and addresses two critical security issues:
- CVE-2024-45341: A vulnerability in the crypto/x509 package where the use of IPv6 zone IDs may bypass URI name constraints.
- CVE-2024-45336: An issue in the net/http package where sensitive headers could be inadvertently sent after a cross-domain redirect.
For further details, users can refer to the official CVE pages linked in the notification.
2. ALSA-2025:3773: This important update concerns delve and golang, also released on April 10, 2025. The key security fix included in this update is:
- CVE-2024-34156: A vulnerability in the encoding/gob package that could lead to a panic due to stack exhaustion when calling Decoder.Decode on messages with deeply nested structures.
Both updates are crucial for maintaining the security and integrity of applications built with Go on AlmaLinux. Users are encouraged to review the updates and apply them as necessary.
For more information or to manage notification settings, users can visit the AlmaLinux community chat or the mailing list management page.
Extension: As software security continues to be a critical focus for developers and organizations, it is essential for users of AlmaLinux to stay informed about such updates. Regularly applying security patches not only mitigates risks associated with vulnerabilities but also ensures compliance with best practices in software development. Moreover, users should consider engaging with the AlmaLinux community for discussions on security practices, troubleshooting, and optimizing the use of Go and its toolset. Keeping abreast of updates and participating in community forums can enhance overall software security and performance
1. ALSA-2025:3772: This update pertains to the go-toolset, classified as a moderate severity security update. It was released on April 10, 2025, and addresses two critical security issues:
- CVE-2024-45341: A vulnerability in the crypto/x509 package where the use of IPv6 zone IDs may bypass URI name constraints.
- CVE-2024-45336: An issue in the net/http package where sensitive headers could be inadvertently sent after a cross-domain redirect.
For further details, users can refer to the official CVE pages linked in the notification.
2. ALSA-2025:3773: This important update concerns delve and golang, also released on April 10, 2025. The key security fix included in this update is:
- CVE-2024-34156: A vulnerability in the encoding/gob package that could lead to a panic due to stack exhaustion when calling Decoder.Decode on messages with deeply nested structures.
Both updates are crucial for maintaining the security and integrity of applications built with Go on AlmaLinux. Users are encouraged to review the updates and apply them as necessary.
For more information or to manage notification settings, users can visit the AlmaLinux community chat or the mailing list management page.
Extension: As software security continues to be a critical focus for developers and organizations, it is essential for users of AlmaLinux to stay informed about such updates. Regularly applying security patches not only mitigates risks associated with vulnerabilities but also ensures compliance with best practices in software development. Moreover, users should consider engaging with the AlmaLinux community for discussions on security practices, troubleshooting, and optimizing the use of Go and its toolset. Keeping abreast of updates and participating in community forums can enhance overall software security and performance
Go-Toolset and Delve Golang updates for AlmaLinux
AlmaLinux has been updated with two security patches for go-toolset and delve/golang:
ALSA-2025:3772: go-toolset:rhel8 security update (Moderate)
ALSA-2025:3773: delve and golang security update (Important)Go-Toolset and Delve Golang updates for AlmaLinux @ Linux Compatible
