ALAS-2025-913

Amazon Linux 2023 Security Advisory: ALAS-2025-913
Advisory Release Date: 2025-03-26 20:44 Pacific
Advisory Updated Date: 2025-04-01 11:34 Pacific
Severity: Medium
Issue Overview:

NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ
NOTE: https://github.com/golang/go/issues/71984
NOTE: Fixed by: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a (go1.24.1)
NOTE: Fixed by: https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7 (go1.23.7) (CVE-2025-22870)


Affected Packages:

golang


Issue Correction:
Run dnf update golang --releasever 2023.7.20250331 to update your system.

New Packages:
aarch64:
    golang-bin-1.24.1-1.amzn2023.0.1.aarch64
    golang-1.24.1-1.amzn2023.0.1.aarch64
    golang-shared-1.24.1-1.amzn2023.0.1.aarch64

noarch:
    golang-misc-1.24.1-1.amzn2023.0.1.noarch
    golang-docs-1.24.1-1.amzn2023.0.1.noarch
    golang-src-1.24.1-1.amzn2023.0.1.noarch
    golang-tests-1.24.1-1.amzn2023.0.1.noarch

src:
    golang-1.24.1-1.amzn2023.0.1.src

x86_64:
    golang-bin-1.24.1-1.amzn2023.0.1.x86_64
    golang-1.24.1-1.amzn2023.0.1.x86_64
    golang-shared-1.24.1-1.amzn2023.0.1.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-22870

Mitre: CVE-2025-22870