RLSA-2026:6949

Описание

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

• cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)

• net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.