CLSA-2026-1772124479

Update to Go 1.25.7
CVE-2025-61726: fixed DoS due to memory exhaustion flaw in net/url parameter parsing
CVE-2025-61732: fixed RCE via code smuggling flaw in cgo comment parsing
CVE-2025-68121: fixed security bypass in TLS where session resumption could ignore revoked or expired client certificates.
CVE-2025-61731: fixed arbitrary code execution vulnerability in the go command toolchain involving unsafe cgo configuration flags.
CVE-2025-68119: fixed arbitrary code execution risk when the go tool processes malicious version strings from external source control.
CVE-2025-61730: fixed minor information disclosure in TLS 1.3 during specific encrypted handshake message transitions.
CVE-2025-61727: fixed certificate validation bypass where specific wildcard domain constraints were not properly enforced by the security library.

References

https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1772124479.html

Affected packages

TuxCare:AlmaLinux:9.6

go-toolset

Package

Name: go-toolset
Purl: pkg:rpm/tuxcare/go-toolset?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.7-1.el9_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"

golang

Package

Name: golang
Purl: pkg:rpm/tuxcare/golang?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.7-1.el9_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"

golang-bin

Package

Name: golang-bin
Purl: pkg:rpm/tuxcare/golang-bin?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.7-1.el9_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"

golang-docs

Package

Name: golang-docs
Purl: pkg:rpm/tuxcare/golang-docs?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.7-1.el9_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"

golang-misc

Package

Name: golang-misc
Purl: pkg:rpm/tuxcare/golang-misc?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.7-1.el9_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"

golang-race

Package

Name: golang-race
Purl: pkg:rpm/tuxcare/golang-race?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.7-1.el9_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"

golang-src

Package

Name: golang-src
Purl: pkg:rpm/tuxcare/golang-src?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.7-1.el9_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"

golang-tests

Package

Name: golang-tests
Purl: pkg:rpm/tuxcare/golang-tests?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.7-1.el9_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"