[ALSA-2026:5941] Important: golang security update
Type:
security
Severity:
important
Release date:
2026-03-27
Description:
The golang packages provide the Go programming language compiler. Security Fix(es): * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731) * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch golang-docs-1.25.8-1.el10_1.alma.1.noarch.rpm 712a1bc6c79530469646ab5c19daed54251df6f52b50b0eac5e3ff7e23e48f79
noarch golang-src-1.25.8-1.el10_1.alma.1.noarch.rpm b3656e0345edce7875e56f300e4e3520479708c506ccb4f26757c1dc32820493
noarch golang-tests-1.25.8-1.el10_1.alma.1.noarch.rpm c2aa7ba310ddf090bc3daca79fe7e89f4ef5088e11b77b0a9663442ca7f02470
noarch golang-misc-1.25.8-1.el10_1.alma.1.noarch.rpm c79d7f1dc907c2f8999a7be5fa5dbc77eb84fdd1789ecfd8b337e4ea8f0eabc6
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.