ALSA-2026:2706

[ALSA-2026:2706] Important: golang security update

Type:

security

Severity:

important

Release date:

2026-02-18

Description:

The golang packages provide the Go programming language compiler.  

Security Fix(es):  

  * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
  * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  * cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
  * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	golang-1.25.7-1.el10_1.alma.1.aarch64.rpm	526fc41a8d587c40314e5be2fc0acdd3d0d412bd46d7d8e42905f0fb5f1b6d12
aarch64	go-toolset-1.25.7-1.el10_1.alma.1.aarch64.rpm	b1b14cbbf93dc69953d749a41e8264e470ad63740aacf2c904cb003b486fea01
aarch64	golang-race-1.25.7-1.el10_1.alma.1.aarch64.rpm	d0a1d69edfe14c1cc11bcf727bf1d78b2f8605a7b7356947997cde5d22edbf0a
aarch64	golang-bin-1.25.7-1.el10_1.alma.1.aarch64.rpm	f50864e64bdcdf72cd649e62570627906938a081391abd14e8a14fd705a8c6c2
noarch	golang-src-1.25.7-1.el10_1.alma.1.noarch.rpm	4b5afc307bfde16dc9cbc4d0971ced774ed4ce330dad233ce21d128636e025d9
noarch	golang-tests-1.25.7-1.el10_1.alma.1.noarch.rpm	4e6afd2590d8c4f9f6ade0bca5023b891ce3175a7741bb8010c0699466da21b2
noarch	golang-docs-1.25.7-1.el10_1.alma.1.noarch.rpm	734b7815d74807e1730a117c8eb955496b60f3fedf7e90661e19123a0754f251
noarch	golang-misc-1.25.7-1.el10_1.alma.1.noarch.rpm	ad061ff590c39bb5d6c81dc1a35873e12de344049aa3891863376ddf14556ceb
ppc64le	golang-bin-1.25.7-1.el10_1.alma.1.ppc64le.rpm	0d628ea8b4b948320e66f284b4cf9672499842fa0937bf91fd27e022b00da29b
ppc64le	go-toolset-1.25.7-1.el10_1.alma.1.ppc64le.rpm	3340d09e6af30ac2d86252be889fae02baf25dadacb96ef2d5151b1c59c757ee
ppc64le	golang-race-1.25.7-1.el10_1.alma.1.ppc64le.rpm	604cf208b5ab26ade9cc3c3222ce13eef29718367d61b870129e7ca184a8abec
ppc64le	golang-1.25.7-1.el10_1.alma.1.ppc64le.rpm	833bfc0e5022d1fc0052464d3c08a16fd69cbb9ebc7fc9535c546a115826913a
s390x	golang-1.25.7-1.el10_1.alma.1.s390x.rpm	8dc9ec4bfb1c4d1881b0c176bd183bf54f17ff4e3b7dcac4bedf55cb2866e683
s390x	golang-race-1.25.7-1.el10_1.alma.1.s390x.rpm	9c0cf6e1d719d8936a6bebf858852e719df56c7125da4847b9b3a910566ee2b6
s390x	go-toolset-1.25.7-1.el10_1.alma.1.s390x.rpm	c6409d3ca2dc9bb5d7ffdfc127aeb150d5c26edca1bdd159e0cc5466643474ed
s390x	golang-bin-1.25.7-1.el10_1.alma.1.s390x.rpm	e7fb9b035009bda8aeba0d0ab32fefcd4c819d813dfa263a9eec5c7b261dcacc
x86_64	golang-1.25.7-1.el10_1.alma.1.x86_64.rpm	5c6254111d2dbd0be1af5dd02ffeb190413e4963a749a76db9e64417f24d8baf
x86_64	golang-race-1.25.7-1.el10_1.alma.1.x86_64.rpm	9cc2969007348a1ab9c5859e4e9ca11851c8ff4dbe5b89cdc43d8dbd43a511b0
x86_64	golang-bin-1.25.7-1.el10_1.alma.1.x86_64.rpm	d3adbeea4688f90ab258cf7d790ccd054b73d5f86599ca121a6368202c9a2740
x86_64	go-toolset-1.25.7-1.el10_1.alma.1.x86_64.rpm	f33602aaeb47f04bddf023e691466cd19d8c0573c9af7c7bb717a4d47b2ee0c9
x86_64_v2	golang-race-1.25.7-1.el10_1.alma.1.x86_64_v2.rpm	22b157c712c657a4f2266d864e87fa674daf02d070551452dc8aa8bcd67a6260
x86_64_v2	go-toolset-1.25.7-1.el10_1.alma.1.x86_64_v2.rpm	c259c8eb3bf91c58806f8e20325e74178d301c7d18c34406a9ff67fac4d7ea14
x86_64_v2	golang-bin-1.25.7-1.el10_1.alma.1.x86_64_v2.rpm	ca04ed4e21aca4c73f389d2a68553d1f0e46774c2e53fe76f160e067ecc7ef8f
x86_64_v2	golang-1.25.7-1.el10_1.alma.1.x86_64_v2.rpm	dbe41c43260613fc352922da5adf3b7523b1cd532cb68e90f889ac7a96ebaa07

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.