34456 – golang new security issue CVE-2025-4674

Bug 34456 - golang new security issue CVE-2025-4674

Summary: golang new security issue CVE-2025-4674

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-64-OK,MGA9-32-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2025-07-09 08:37 CEST by Nicolas Salguero
Modified:	2025-10-08 14:18 CEST (History)
CC List:	2 users (show)

See Also:
Source RPM:	golang-1.24.4-1.mga9
CVE:	CVE-2025-4674
Status comment:	Fixed upstream in 1.24.5

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-07-09 08:37:42 CEST

CVE-2025-4674 was announced here:
https://www.openwall.com/lists/oss-security/2025/07/08/5

Nicolas Salguero 2025-07-09 08:38:38 CEST

Status comment: (none) => Fixed upstream in 1.24.5
CVE: (none) => CVE-2025-4674
Source RPM: (none) => golang-1.24.4-1.mga10.src.rpm, golang-1.24.4-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO

katnatek 2025-07-09 20:18:41 CEST

Assignee: bugsquad => j.alberto.vc

Comment 1 katnatek 2025-07-10 01:45:52 CEST

RPMS:

golang-1.24.5-1.mga9
golang-bin-1.24.5-1.mga9
golang-docs-1.24.5-1.mga9
golang-misc-1.24.5-1.mga9
golang-shared-1.24.5-1.mga9
golang-src-1.24.5-1.mga9
golang-tests-1.24.5-1.mga9


SRPM:
golang-1.24.5-1.mga9

Assignee: j.alberto.vc => qa-bugs
Whiteboard: MGA9TOO => (none)
Source RPM: golang-1.24.4-1.mga10.src.rpm, golang-1.24.4-1.mga9.src.rpm => golang-1.24.4-1.mga9
Version: Cauldron => 9

Comment 2 katnatek 2025-07-10 03:32:28 CEST

Used the updated packages in mageia 9 & cauldron to build the current version of docker in cauldron & mageia 9 

Looks good to me

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK,MGA9-32-OK

katnatek 2025-07-10 03:40:03 CEST

Keywords: (none) => advisory

Comment 3 Thomas Andrews 2025-07-10 15:36:57 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2025-07-11 20:53:26 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0205.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 5 spammer 2025-10-08 12:56:35 CEST Comment hidden (spam)

The Mageia Updates repository now provides an update for this problem.  https://advisories.mageia.org/MGASA-2025-0205.html https://geometrydash-2.bitbucket.io

CC: (none) => traumasmart29

Nicolas Salguero 2025-10-08 14:18:52 CEST

CC: traumasmart29 => (none)

Note You need to log in before you can comment on or make changes to this bug.