ALSA-2026:5942

[ALSA-2026:5942] Important: golang security update

Type:

security

Severity:

important

Release date:

2026-03-27

Description:

The golang packages provide the Go programming language compiler.  

Security Fix(es):  

  * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
  * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	go-toolset-1.25.8-1.el9_7.aarch64.rpm	2447a76531d9c5614eef7790d391bc0368ed5fcc2c9875f81d2b6d2f22949c70
aarch64	golang-bin-1.25.8-1.el9_7.aarch64.rpm	80cf3d96e9f35f261ae77409471450aa938f1da1a014ce8efd8a96bd6fffad45
aarch64	golang-race-1.25.8-1.el9_7.aarch64.rpm	bb9778067cbb81932cc9fba6d88e8c9d0844103a7ec86415b36a3a0a5133cfaf
aarch64	golang-1.25.8-1.el9_7.aarch64.rpm	f27906828c2d2954b6053dec0f0eb634210ed81a4fb152848c7aaabfe0e18261
noarch	golang-src-1.25.8-1.el9_7.noarch.rpm	45a4c4bc4bafc9f3cc030f532a49bb2916cf525a2f90fccb9034a0bf674e380f
noarch	golang-misc-1.25.8-1.el9_7.noarch.rpm	5a5c777474a1afe08ff05fdba78bd9e029acb30f5f712ae99a1b70f0bc26f617
noarch	golang-tests-1.25.8-1.el9_7.noarch.rpm	8396ecbeb0978e795a5ebd4033fcb83709360f0802ba4b3b9ebe8bb782727fdb
noarch	golang-docs-1.25.8-1.el9_7.noarch.rpm	bcb2fec225ae078b804b886ab40ac56bd8ff2885fa27ceda5e0887a8624c81ca
ppc64le	golang-bin-1.25.8-1.el9_7.ppc64le.rpm	0fa8cbc63f34b0f7cdee8981680dddcf3a5eb805df8824293a41f343b410e0ac
ppc64le	go-toolset-1.25.8-1.el9_7.ppc64le.rpm	2f2810aaabb6048d3ec9d6d64c4c343cf9268a27bf37e41959be2183e9a9194b
ppc64le	golang-race-1.25.8-1.el9_7.ppc64le.rpm	6a171955a843a46a8fc5cebff552c66c326011c7b69e5aa6b38aabbcf4a5f7e3
ppc64le	golang-1.25.8-1.el9_7.ppc64le.rpm	cce61aa097cbe16b361d85d2ec8349ce9521abe02baf2311bac68ab261f5f3a9
s390x	golang-race-1.25.8-1.el9_7.s390x.rpm	3aacd69a3d2aee0804aa89b1457993f5fc656646568299346325f57f2dc25438
s390x	golang-bin-1.25.8-1.el9_7.s390x.rpm	a02c3a660bd8deb92031524287d879b1bb301d07c7ea4d24b32cb57a360bdf5d
s390x	golang-1.25.8-1.el9_7.s390x.rpm	cc770a6ee6d925931e560a464a5db75ad1761a22f6d763d9d00596cbfba12af1
s390x	go-toolset-1.25.8-1.el9_7.s390x.rpm	e2baace2a5386ac2729333b4e170f23e5e0f6d1e162dbc10eeb680d5f43cc91c
x86_64	golang-bin-1.25.8-1.el9_7.x86_64.rpm	6e9b9fccfacc5e34b2e28a84059d916f21b298cf2fac547311dba520aebcaef2
x86_64	golang-race-1.25.8-1.el9_7.x86_64.rpm	85e4474e48b24883fa3c95e9c13b5c1c79fa28e82858dd2944c95af56489cee2
x86_64	golang-1.25.8-1.el9_7.x86_64.rpm	ab1df21d9d402ecd331ec78056d05d3169194682ac034c041b062ab123f3ff1f
x86_64	go-toolset-1.25.8-1.el9_7.x86_64.rpm	d2ac1acbff8ad1aca634176d37ed89d846935ab58b16c368dd87018080fb4bd0

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.