[ALSA-2026:37435] Important: golang security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-13
Description:
The golang packages provide the Go programming language compiler. Security Fix(es): * golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821) * os: golang: Go os.Root: Symlink following vulnerability allows directory traversal (CVE-2026-39822) Bug Fix(es) and Enhancement(s): * Update Go to version 1.26.5+1 [almalinux-9.8.z] (JIRA:AlmaLinux-193476) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 golang-race-1.26.5-1.el9_8.aarch64.rpm 248251b1377acfd2ef6df13098dee8cebe1b89c4ac172498ad8dedbe292afd58
aarch64 go-toolset-1.26.5-1.el9_8.aarch64.rpm 52eb1a78866a77a3023fc48fec84592bda118c6cbbeb5ace34da13f4a8acc4c7
aarch64 golang-1.26.5-1.el9_8.aarch64.rpm 8c38e89a0fc7d60407492885d8e58ca577605b646607e6f07f5f98536c02c3ef
aarch64 golang-bin-1.26.5-1.el9_8.aarch64.rpm fbcae7ecd8244a0ec55716504ab5f6918bdaffb667073662ddcb0758511718a9
noarch golang-misc-1.26.5-1.el9_8.noarch.rpm 1b0cbee9a35a7b9c8ca6a706b29e919de7b40cfefc3905814997aaf1f191b47c
noarch golang-src-1.26.5-1.el9_8.noarch.rpm 8c9194ab73cd3e8966a44f7ed9332e5eb88c0fbc7b1fe0092a748d3d1f8772c0
noarch golang-tests-1.26.5-1.el9_8.noarch.rpm acf98e39d416ff38b57a2190f23f2bfb43b7a3ee35e7fd1dd39433ea4f24992f
noarch golang-docs-1.26.5-1.el9_8.noarch.rpm f15ecea52d7dfe2a6228d2a9b4c75c71e1e51f9ab50ea0ac0d4d004026d64a36
ppc64le golang-1.26.5-1.el9_8.ppc64le.rpm 3b7ee771345fcde2a76595348ff1a7074c9dc893dbe2adaad81100c94938da22
ppc64le go-toolset-1.26.5-1.el9_8.ppc64le.rpm 83e7419f5a66b78f6ffbe6e759b64ac7e79bf9a10de0910ea519183a8e7f6be1
ppc64le golang-bin-1.26.5-1.el9_8.ppc64le.rpm a534af2f30837d2d0138233b283e416aa66f0055641c36d72ae086e465a66b1e
ppc64le golang-race-1.26.5-1.el9_8.ppc64le.rpm b68a9bfadeb8161f593b256d431699a0e653684ac0e0721aeb51fb35ebec452a
s390x golang-race-1.26.5-1.el9_8.s390x.rpm 19fd474f8740b8fb948db5b2e0401cb02f704e5f629e7a42225dbd7f4cb61a28
s390x golang-1.26.5-1.el9_8.s390x.rpm 92e4d07a1aa3afd6a4a07ddd21245c3761c68baa8773b6469e7f18cd349bbb5a
s390x golang-bin-1.26.5-1.el9_8.s390x.rpm 9b6d279e7ffd559254b6b145650a560a34bef676625ef2bf933a3689fbee0883
s390x go-toolset-1.26.5-1.el9_8.s390x.rpm aa9a0b57c8366a963654c66750a1795c5b89211dd4829f21ed9d5554aee187d3
x86_64 golang-bin-1.26.5-1.el9_8.x86_64.rpm 03e3d972b1361bd57891355e4c3a57070a7cf3581b80ff2a8540a796bd5ca248
x86_64 golang-1.26.5-1.el9_8.x86_64.rpm 4733eb14d134fbd998bd68e625f384a037ffdca111d09ba8107ae3a86878bdfe
x86_64 golang-race-1.26.5-1.el9_8.x86_64.rpm 8f9d3ef413a52aef4b6ce6050c73564b10bf4e995a7e8b3b0432f8c2407c2a5b
x86_64 go-toolset-1.26.5-1.el9_8.x86_64.rpm af98712f74d083aac00e7a92d6e3b7a8216076a521b35b89d8cd246d70f2590e
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.