{"id":"CLSA-2026-1772124479","summary":"golang: Fix of 7 CVEs","details":"- Update to Go 1.25.7\n- CVE-2025-61726: fixed DoS due to memory exhaustion flaw in net/url parameter\n  parsing\n- CVE-2025-61732: fixed RCE via code smuggling flaw in cgo comment parsing\n- CVE-2025-68121: fixed security bypass in TLS where session resumption\n  could ignore revoked or expired client certificates.\n- CVE-2025-61731: fixed arbitrary code execution vulnerability in the go\n  command toolchain involving unsafe cgo configuration flags.\n- CVE-2025-68119: fixed arbitrary code execution risk when the go tool\n  processes malicious version strings from external source control.\n- CVE-2025-61730: fixed minor information disclosure in TLS 1.3 during\n  specific encrypted handshake message transitions.\n- CVE-2025-61727: fixed certificate validation bypass where specific wildcard\n  domain constraints were not properly enforced by the security library.","modified":"2026-05-27T11:17:48.731729719Z","published":"2026-03-02T10:30:03Z","upstream":["CVE-2025-61726","CVE-2025-61732","CVE-2025-68121","CVE-2025-61731","CVE-2025-68119","CVE-2025-61730","CVE-2025-61727"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1772124479.html"}],"affected":[{"package":{"name":"go-toolset","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/go-toolset?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-1.el9_6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"}},{"package":{"name":"golang","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/golang?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-1.el9_6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"}},{"package":{"name":"golang-bin","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/golang-bin?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-1.el9_6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"}},{"package":{"name":"golang-docs","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/golang-docs?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-1.el9_6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"}},{"package":{"name":"golang-misc","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/golang-misc?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-1.el9_6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"}},{"package":{"name":"golang-race","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/golang-race?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-1.el9_6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"}},{"package":{"name":"golang-src","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/golang-src?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-1.el9_6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"}},{"package":{"name":"golang-tests","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/golang-tests?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-1.el9_6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772124479.json"}}],"schema_version":"1.7.5"}