ALSA-2026:2709

[ALSA-2026:2709] Important: golang security update

Type:

security

Severity:

important

Release date:

2026-02-17

Description:

The golang packages provide the Go programming language compiler.  

Security Fix(es):  

  * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
  * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  * cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
  * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	golang-race-1.25.7-1.el9_7.aarch64.rpm	5379ecd99fbee6922b97270940b00b8623b9c2ab70ed7bba521c8d9b6d04b6eb
aarch64	go-toolset-1.25.7-1.el9_7.aarch64.rpm	8baa0f147894d99b4ffbf1c9e5d6261b8a87a97beb209213842107fb9785554e
aarch64	golang-1.25.7-1.el9_7.aarch64.rpm	b0a7dc6fc38c010d720e738ede760eeac9546d343033a90431679152e6e3de02
aarch64	golang-bin-1.25.7-1.el9_7.aarch64.rpm	cb18a06ad7109d6417427f3dd09540db1b9a32f45ba9a4e0bd2bf3dcb008748f
noarch	golang-docs-1.25.7-1.el9_7.noarch.rpm	686ac35cb0130236e1ba9f065e7fa2a21533ae475237498d0c222af295a5fe47
noarch	golang-tests-1.25.7-1.el9_7.noarch.rpm	7cb785edbb4f7d6eafc3e43e383b7d6bc925cd055c5bec99cedb8be289c830f7
noarch	golang-src-1.25.7-1.el9_7.noarch.rpm	b3ea6240252afc4aa1cd8e39e5e65f40e80fb4df1ced744cd5d613572c0b0049
noarch	golang-misc-1.25.7-1.el9_7.noarch.rpm	c12eaeb220c75cd9ace3ccca24d26329389573e2fbaf8cf5533b296b5bbd81f5
ppc64le	golang-race-1.25.7-1.el9_7.ppc64le.rpm	6e75ca9795b058c55cb421489f027cc50375bd3a70db25cce634b397aba8f3d8
ppc64le	golang-1.25.7-1.el9_7.ppc64le.rpm	84dbdc55e266ccf89f174978b935d76930acb68452045534e3479e2fd2f5314c
ppc64le	go-toolset-1.25.7-1.el9_7.ppc64le.rpm	85c0ec87cbcbf1acfd2d5e38cc2aa959581a2d649e25f92c539402f4ab853c14
ppc64le	golang-bin-1.25.7-1.el9_7.ppc64le.rpm	c74900383f67ed4b6a9f3ea046af3b096ca28d2932accee1102cb6aaf2203219
s390x	golang-bin-1.25.7-1.el9_7.s390x.rpm	0f4c4efb1d4f2f28558b9bfab408612280d91a79811904965a19215c7fb12b9a
s390x	golang-1.25.7-1.el9_7.s390x.rpm	29abda12b7dab9e3065c1f4eea450cd1b111c82ec80e21e855b8ed9d08edfd55
s390x	go-toolset-1.25.7-1.el9_7.s390x.rpm	33ff3c4f2edec3885e2363b10d7cc5f83d1fc3941d1441ce4d6b25ee4b3c7bf4
s390x	golang-race-1.25.7-1.el9_7.s390x.rpm	60184f3a6af270f2670d5b2c7ac10bc69557138c6b0cfe60d11199d6c2a840a6
x86_64	golang-race-1.25.7-1.el9_7.x86_64.rpm	3a82cc284c7a6656c7d5cb7956be76cb93b5625107118176f382a60057474933
x86_64	go-toolset-1.25.7-1.el9_7.x86_64.rpm	ae3c658c0ded9a686a89b465d8c577269626277a39b0d2729f420c20f8a0726a
x86_64	golang-1.25.7-1.el9_7.x86_64.rpm	bf27759843a9e13da29a4f604aec966174b6ce8c24dfd76fecb2e0a9270705c8
x86_64	golang-bin-1.25.7-1.el9_7.x86_64.rpm	ec8948c98c36c74e0fb7d65739a0a84df0c9126b493060adaae229ff9863a511

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.