CVEs Fix (#1526)

* CVE-2025-22868

* Upgrade go module to 1.24.6

* Telegraf dalec upgrade test

* Telegraf upgrade 1.36.1 local

* rexml vul fix

* uninstaall rexml

* telegraf official image changes

* go build fix

Author: suyadav1

kubernetes/linux/setup.sh

@@ -37,6 +37,9 @@ rm -rf /usr/lib/ruby/gems/3.3.0/gems/rdoc-6.6.3.1
 # remove net-imap gem as it has a known CVE (CVE-2025-43857) and is not used by the agent
 gem uninstall net-imap --force
 
+# remove rexml gem as it has a known CVE (CVE-2025-58767) and is not used by the agent
+gem uninstall rexml --force
+
 sudo tdnf install -y azure-mdsd-1.37.0
 cp -f $TMPDIR/mdsd.xml /etc/mdsd.d
 cp -f $TMPDIR/envmdsd /etc/mdsd.d
@@ -59,7 +62,7 @@ sudo tdnf install jq-1.7.1-1.azl3 -y
 #used to setcaps for ruby process to read /proc/env
 sudo tdnf install libcap -y
 
-sudo tdnf install telegraf-agent-1.34.3 -y
+sudo tdnf install telegraf-agent-1.36.1 -y
 telegraf_version=$(sudo tdnf list installed | grep telegraf | awk '{print $2}')
 echo "telegraf $telegraf_version" >> packages_version.txt
 mv /usr/bin/telegraf-agent /opt/telegraf

source/plugins/go/input/go.mod

@@ -1,6 +1,6 @@
 module Docker-Provider/source/plugins/go/input
 
-go 1.23.8
+go 1.24.6
 
 require github.com/calyptia/plugin v1.0.2
 

source/plugins/go/src/go.mod

@@ -1,6 +1,6 @@
 module Docker-Provider/source/plugins/go/src
 
-go 1.23.8
+go 1.24.6
 
 require (
 	github.com/Microsoft/go-winio v0.6.1
@@ -38,7 +38,6 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
 	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/oauth2 v0.19.0 // indirect
 	golang.org/x/sys v0.31.0 // indirect
 	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
@@ -53,6 +52,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/oauth2 v0.27.0 // indirect
 	golang.org/x/sync v0.12.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/protobuf v1.33.0 // indirect

source/plugins/go/src/go.sum

@@ -115,8 +115,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
 golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
-golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
+golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
+golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

source/plugins/go/src/oms.go

@@ -421,7 +421,7 @@ func createLogger() *log.Logger {
 		logfile, err = os.OpenFile(logPath, os.O_APPEND|os.O_WRONLY, 0600)
 		if err != nil {
 			SendException(err.Error())
-			fmt.Printf(err.Error())
+			fmt.Print(err.Error())
 		}
 	}
 
@@ -430,7 +430,7 @@ func createLogger() *log.Logger {
 		logfile, err = os.Create(logPath)
 		if err != nil {
 			SendException(err.Error())
-			fmt.Printf(err.Error())
+			fmt.Print(err.Error())
 		}
 	}
 
@@ -2314,7 +2314,7 @@ func InitializePlugin(pluginConfPath string, agentVersion string) {
 	ret, err := InitializeTelemetryClient(agentVersion)
 	if ret != 0 || err != nil {
 		message := fmt.Sprintf("Error During Telemetry Initialization :%s", err.Error())
-		fmt.Printf(message)
+		fmt.Print(message)
 		Log(message)
 	}