摘要:
golang security update
安全等级: High
公告ID: KylinSec-SA-2025-2867
发布日期: 2025年9月12日
关联CVE: CVE-2025-47907 CVE-2025-47906
.
Security Fix(es):
A vulnerability was found in Google Go up to 1.23.11/1.24.5 (Programming Language Software). It has been declared as problematic.The manipulation of the argument PATH with an unknown input leads to a unknown weakness.As an impact it is known to affect integrity.Upgrading to version 1.23.12 or 1.24.6 eliminates this vulnerability.(CVE-2025-47906)
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.(CVE-2025-47907)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-47907 | KY3.4-5A | golang | Fixed |
| CVE-2025-47906 | KY3.4-5A | golang | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| golang-devel | noarch | 1.15.7-53.ky3_4.kb1 |
| golang-help | noarch | 1.15.7-53.ky3_4.kb1 |
| golang | x86_64 | 1.15.7-53.ky3_4.kb1 |
| golang | aarch64 | 1.15.7-53.ky3_4.kb1 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
