ALSA-2026:5941

[ALSA-2026:5941] Important: golang security update

Type:

security

Severity:

important

Release date:

2026-03-27

Description:

The golang packages provide the Go programming language compiler.  

Security Fix(es):  

  * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
  * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	golang-bin-1.25.8-1.el10_1.alma.1.aarch64.rpm	3d9344adbedbdf2a40746d4c67d579f3a5de8cef9db4a7f788781e898372d8d2
aarch64	golang-race-1.25.8-1.el10_1.alma.1.aarch64.rpm	6d51f7c4c4af5a85fed172af058ea5eb885f1e49a9d6b4e901e4f211e2d6eb87
aarch64	go-toolset-1.25.8-1.el10_1.alma.1.aarch64.rpm	7e935a6b88a4b6d324e39350c28a0943740659c91f79cfe7c4f7b0df86335478
aarch64	golang-1.25.8-1.el10_1.alma.1.aarch64.rpm	ee431711bc2c0c92562925847ebe510ba2bf34eca73d083c67b982f5a41dfbc0
noarch	golang-docs-1.25.8-1.el10_1.alma.1.noarch.rpm	712a1bc6c79530469646ab5c19daed54251df6f52b50b0eac5e3ff7e23e48f79
noarch	golang-src-1.25.8-1.el10_1.alma.1.noarch.rpm	b3656e0345edce7875e56f300e4e3520479708c506ccb4f26757c1dc32820493
noarch	golang-tests-1.25.8-1.el10_1.alma.1.noarch.rpm	c2aa7ba310ddf090bc3daca79fe7e89f4ef5088e11b77b0a9663442ca7f02470
noarch	golang-misc-1.25.8-1.el10_1.alma.1.noarch.rpm	c79d7f1dc907c2f8999a7be5fa5dbc77eb84fdd1789ecfd8b337e4ea8f0eabc6
ppc64le	golang-bin-1.25.8-1.el10_1.alma.1.ppc64le.rpm	08f735ff520cfb38906d06070b470317c4a867ea378466b5d990349561bc2052
ppc64le	go-toolset-1.25.8-1.el10_1.alma.1.ppc64le.rpm	66552d0f364a28348920a77cd822b53474f41c30641b2a678d4f3879e7f0f67d
ppc64le	golang-1.25.8-1.el10_1.alma.1.ppc64le.rpm	83fd48a6af862cd3cc1a0cb4877d8844f291bfade146cc651b75b7f7efff5c11
ppc64le	golang-race-1.25.8-1.el10_1.alma.1.ppc64le.rpm	b9ff4273951378c14b72818951dbf8e900b67265ec666f787b4135586f146f44
s390x	golang-bin-1.25.8-1.el10_1.alma.1.s390x.rpm	02ec697060308e06f8a901317cfc5d20f6abe35421783b58a8b08a71a45c6ea1
s390x	golang-1.25.8-1.el10_1.alma.1.s390x.rpm	66cffe443d7f101c816d43f89f47fc38743fd07d58d7b6709cc6774b0f453159
s390x	go-toolset-1.25.8-1.el10_1.alma.1.s390x.rpm	810ec236706d791bbab60e52a343e154f64b796903f9bc92932136f11c4ba749
s390x	golang-race-1.25.8-1.el10_1.alma.1.s390x.rpm	e842129e8aec9b06b58b6587199874d49c09ec0fa77fbc27d929b11466f75d48
x86_64	golang-race-1.25.8-1.el10_1.alma.1.x86_64.rpm	0f13bd2c8e5470b1e78342621f206d64d9b8dda17499a659a7a20e9b2cfa3512
x86_64	go-toolset-1.25.8-1.el10_1.alma.1.x86_64.rpm	37ec6639ca47555a61f7efec9148d30afbb633897dac5ff48b56fb9801dab0d6
x86_64	golang-bin-1.25.8-1.el10_1.alma.1.x86_64.rpm	5065ac67092de9f8024c1cdcee0d917a25fa379584c7a098cf449724d0432095
x86_64	golang-1.25.8-1.el10_1.alma.1.x86_64.rpm	ae01e04cc2d78dbaab47e668ab4af1cc21a0695d66990746e95667c214a22728
x86_64_v2	golang-1.25.8-1.el10_1.alma.1.x86_64_v2.rpm	0955d7b64635ec50348f9f7fd62f1c38a3ae45ab8135a5976fb56318d3275f54
x86_64_v2	golang-race-1.25.8-1.el10_1.alma.1.x86_64_v2.rpm	1eb5577a9b3240debaf3234dabb7bf530e57d67ff8d53ea93ae8b6ae5f658c70
x86_64_v2	go-toolset-1.25.8-1.el10_1.alma.1.x86_64_v2.rpm	6614c8f6a16a7dc07996ac428c2d6ab49d93b4b8b98c6c4f003ddfb4df288bf9
x86_64_v2	golang-bin-1.25.8-1.el10_1.alma.1.x86_64_v2.rpm	c30fa3991a0d0cce3f2e6dc89b8f30463bbb4531d6cc73bef78f5834d668deaa

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.