RLSA-2026:2706

Опубликовано: 17 фев. 2026

Источник: rocky

Оценка: Important

Описание

Important: golang security update

The golang packages provide the Go programming language compiler.

Security Fix(es):

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 10

Наименование	Архитектура	Релиз	RPM
golang	x86_64	1.el10_1	golang-1.25.7-1.el10_1.x86_64.rpm
golang-misc	noarch	1.el10_1	golang-misc-1.25.7-1.el10_1.noarch.rpm
golang-bin	x86_64	1.el10_1	golang-bin-1.25.7-1.el10_1.x86_64.rpm
go-toolset	x86_64	1.el10_1	go-toolset-1.25.7-1.el10_1.x86_64.rpm
golang-docs	noarch	1.el10_1	golang-docs-1.25.7-1.el10_1.noarch.rpm
golang-race	x86_64	1.el10_1	golang-race-1.25.7-1.el10_1.x86_64.rpm
golang-tests	noarch	1.el10_1	golang-tests-1.25.7-1.el10_1.noarch.rpm
golang-src	noarch	1.el10_1	golang-src-1.25.7-1.el10_1.noarch.rpm