Golang and Delve updates for Fedora

Fedora Linux 9201 Published by

Fedora Linux has released several security updates to enhance the system's protection and stability. The latest security patches include updates for golang-github-google-wire, delve, and golang-github-googlecloudplatform-cloudsql-proxy in Fedora 42. In addition, updates have been made available for delve and golang-github-googlecloudplatform-cloudsql-proxy in Fedora 43.

Fedora 42 Update: golang-github-google-wire-0.6.0-14.fc42
Fedora 42 Update: delve-1.26.0-1.fc42
Fedora 42 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-9.fc42
Fedora 43 Update: delve-1.26.0-1.fc43
Fedora 43 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-11.fc43




[SECURITY] Fedora 42 Update: golang-github-google-wire-0.6.0-14.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f8e5522ee0
2026-01-01 01:07:37.402506+00:00
--------------------------------------------------------------------------------

Name : golang-github-google-wire
Product : Fedora 42
Version : 0.6.0
Release : 14.fc42
URL : https://github.com/google/wire
Summary : Compile-time Dependency Injection for Go
Description :

Wire is a code generation tool that automates connecting components using
dependency injection. Dependencies between components are represented in Wire as
function parameters, encouraging explicit initialization instead of global
variables. Because Wire operates without runtime state or reflection, code
written to be used with Wire is useful even for hand-written initialization.

--------------------------------------------------------------------------------
Update Information:

Rebuilt for CVE-2025-47906
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2025 W. Michael Petullo [mike@flyn.org] - 0.6.0-14
- Rebuilt for CVE-2025-47906
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2399416 - CVE-2025-47906 golang-github-google-wire: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399416
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f8e5522ee0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: delve-1.26.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6d4139dafe
2026-01-01 01:07:37.402497+00:00
--------------------------------------------------------------------------------

Name : delve
Product : Fedora 42
Version : 1.26.0
Release : 1.fc42
URL : https://github.com/go-delve/delve
Summary : A debugger for the Go programming language
Description :

Delve is a debugger for the Go programming language. The goal of the project
is to provide a simple, full featured debugging tool for Go. Delve should be
easy to invoke and easy to use. Chances are if you're using a debugger, things
aren't going your way. With that in mind, Delve should stay out of your way as
much as possible.

--------------------------------------------------------------------------------
Update Information:

Support for Go 1.26 and security fixes. Upstream release notes.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 19 2025 Packit [hello@packit.dev] - 1.26.0-1
- Update to 1.26.0 upstream release
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.25.2-2
- rebuild
* Wed Aug 27 2025 Packit [hello@packit.dev] - 1.25.2-1
- Update to 1.25.2 upstream release
- Resolves: rhbz#2391351
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.25.1-5
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.25.1-4
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.25.1-3
- Rebuild for golang-1.25.0
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.25.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2399350 - CVE-2025-47906 delve: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399350
[ 2 ] Bug #2407876 - CVE-2025-58189 delve: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2407876
[ 3 ] Bug #2408153 - CVE-2025-58189 delve: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408153
[ 4 ] Bug #2409344 - CVE-2025-61723 delve: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409344
[ 5 ] Bug #2409623 - CVE-2025-61723 delve: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409623
[ 6 ] Bug #2410295 - CVE-2025-58185 delve: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410295
[ 7 ] Bug #2410574 - CVE-2025-58185 delve: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410574
[ 8 ] Bug #2411208 - CVE-2025-58188 delve: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411208
[ 9 ] Bug #2411472 - CVE-2025-58188 delve: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411472
[ 10 ] Bug #2423981 - delve-1.26.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2423981
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6d4139dafe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-9.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-582e97b7b4
2026-01-01 01:07:37.402503+00:00
--------------------------------------------------------------------------------

Name : golang-github-googlecloudplatform-cloudsql-proxy
Product : Fedora 42
Version : 1.31.2
Release : 9.fc42
URL : https://github.com/GoogleCloudPlatform/cloudsql-proxy
Summary : Cloud SQL proxy client and Go library
Description :
The Cloud SQL Proxy allows a user with the appropriate permissions to connect
to a Second Generation Cloud SQL database without having to deal with IP
whitelisting or SSL certificates manually. It works by opening unix/tcp
sockets on the local machine and proxying connections to the associated
Cloud SQL instances when the sockets are used.

--------------------------------------------------------------------------------
Update Information:

Rebuilt for CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2025 W. Michael Petullo [mike@flyn.org] - 1.31.2-9
- Rebuilt for CVEs
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398740 - CVE-2025-47910 golang-github-googlecloudplatform-cloudsql-proxy: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398740
[ 2 ] Bug #2399418 - CVE-2025-47906 golang-github-googlecloudplatform-cloudsql-proxy: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399418
[ 3 ] Bug #2407942 - CVE-2025-58189 golang-github-googlecloudplatform-cloudsql-proxy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2407942
[ 4 ] Bug #2409412 - CVE-2025-61723 golang-github-googlecloudplatform-cloudsql-proxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409412
[ 5 ] Bug #2410363 - CVE-2025-58185 golang-github-googlecloudplatform-cloudsql-proxy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410363
[ 6 ] Bug #2411263 - CVE-2025-58188 golang-github-googlecloudplatform-cloudsql-proxy: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411263
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-582e97b7b4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: delve-1.26.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3591ae9dd3
2026-01-01 00:51:10.908299+00:00
--------------------------------------------------------------------------------

Name : delve
Product : Fedora 43
Version : 1.26.0
Release : 1.fc43
URL : https://github.com/go-delve/delve
Summary : A debugger for the Go programming language
Description :

Delve is a debugger for the Go programming language. The goal of the project
is to provide a simple, full featured debugging tool for Go. Delve should be
easy to invoke and easy to use. Chances are if you're using a debugger, things
aren't going your way. With that in mind, Delve should stay out of your way as
much as possible.

--------------------------------------------------------------------------------
Update Information:

Support for Go 1.26 and security fixes. Upstream release notes.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 19 2025 Packit [hello@packit.dev] - 1.26.0-1
- Update to 1.26.0 upstream release
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.25.2-2
- rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2399350 - CVE-2025-47906 delve: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399350
[ 2 ] Bug #2407876 - CVE-2025-58189 delve: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2407876
[ 3 ] Bug #2408153 - CVE-2025-58189 delve: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408153
[ 4 ] Bug #2409344 - CVE-2025-61723 delve: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409344
[ 5 ] Bug #2409623 - CVE-2025-61723 delve: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409623
[ 6 ] Bug #2410295 - CVE-2025-58185 delve: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410295
[ 7 ] Bug #2410574 - CVE-2025-58185 delve: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410574
[ 8 ] Bug #2411208 - CVE-2025-58188 delve: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411208
[ 9 ] Bug #2411472 - CVE-2025-58188 delve: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411472
[ 10 ] Bug #2423981 - delve-1.26.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2423981
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3591ae9dd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-11.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5906618a59
2026-01-01 00:51:10.908309+00:00
--------------------------------------------------------------------------------

Name : golang-github-googlecloudplatform-cloudsql-proxy
Product : Fedora 43
Version : 1.31.2
Release : 11.fc43
URL : https://github.com/GoogleCloudPlatform/cloudsql-proxy
Summary : Cloud SQL proxy client and Go library
Description :
The Cloud SQL Proxy allows a user with the appropriate permissions to connect
to a Second Generation Cloud SQL database without having to deal with IP
whitelisting or SSL certificates manually. It works by opening unix/tcp
sockets on the local machine and proxying connections to the associated
Cloud SQL instances when the sockets are used.

--------------------------------------------------------------------------------
Update Information:

Rebuilt for CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2025 W. Michael Petullo [mike@flyn.org] - 1.31.2-11
- Rebuilt for CVEs
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408217 - CVE-2025-58189 golang-github-googlecloudplatform-cloudsql-proxy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408217
[ 2 ] Bug #2409687 - CVE-2025-61723 golang-github-googlecloudplatform-cloudsql-proxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409687
[ 3 ] Bug #2410640 - CVE-2025-58185 golang-github-googlecloudplatform-cloudsql-proxy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410640
[ 4 ] Bug #2411536 - CVE-2025-58188 golang-github-googlecloudplatform-cloudsql-proxy: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411536
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5906618a59' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--


Archinstall 3.0.15 released

Podman update for SUSE

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...