ALSA-2026:2706

[ALSA-2026:2706] Important: golang security update

Type:

security

Severity:

important

Release date:

2026-02-18

Description:

The golang packages provide the Go programming language compiler.  

Security Fix(es):  

  * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
  * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  * cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
  * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	golang-src-1.25.7-1.el10_1.alma.1.noarch.rpm	4b5afc307bfde16dc9cbc4d0971ced774ed4ce330dad233ce21d128636e025d9
noarch	golang-tests-1.25.7-1.el10_1.alma.1.noarch.rpm	4e6afd2590d8c4f9f6ade0bca5023b891ce3175a7741bb8010c0699466da21b2
noarch	golang-docs-1.25.7-1.el10_1.alma.1.noarch.rpm	734b7815d74807e1730a117c8eb955496b60f3fedf7e90661e19123a0754f251
noarch	golang-misc-1.25.7-1.el10_1.alma.1.noarch.rpm	ad061ff590c39bb5d6c81dc1a35873e12de344049aa3891863376ddf14556ceb

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.