[CLSA-2026:1772124479] golang: Fix of 7 CVEs
Type:
security
Severity:
Critical
Release date:
2026-03-02 10:30:03 UTC
Description:
- Update to Go 1.25.7
- CVE-2025-61726: fixed DoS due to memory exhaustion flaw in net/url parameter parsing
- CVE-2025-61732: fixed RCE via code smuggling flaw in cgo comment parsing
- CVE-2025-68121: fixed security bypass in TLS where session resumption could ignore revoked or expired client certificates.
- CVE-2025-61731: fixed arbitrary code execution vulnerability in the go command toolchain involving unsafe cgo configuration flags.
- CVE-2025-68119: fixed arbitrary code execution risk when the go tool processes malicious version strings from external source control.
- CVE-2025-61730: fixed minor information disclosure in TLS 1.3 during specific encrypted handshake message transitions.
- CVE-2025-61727: fixed certificate validation bypass where specific wildcard domain constraints were not properly enforced by the security library.
Updated packages:
  • go-toolset-1.25.7-1.el9_6.tuxcare.els1.x86_64.rpm
    sha:4ab01b249bf504bef87a2e5058459dd3d27ac00823fa2a277e277d6454d60be2
  • golang-1.25.7-1.el9_6.tuxcare.els1.x86_64.rpm
    sha:3030f353dfa7a5855d7c257cde650a2fb06cc7695cd4f81f5a87cce8d30fbec8
  • golang-bin-1.25.7-1.el9_6.tuxcare.els1.x86_64.rpm
    sha:5eaa2df0a2163b4f2421988b2241256986eb3fa70dec44ec90761941f2662818
  • golang-docs-1.25.7-1.el9_6.tuxcare.els1.noarch.rpm
    sha:706203379287d58ce253cdcfa733ffeed0da23ad54d9eb7ad05364aacff325a6
  • golang-misc-1.25.7-1.el9_6.tuxcare.els1.noarch.rpm
    sha:e2c6df8a71868e53765a86befa15a6136f1521dc04a8bcc2f0351485702fe70e
  • golang-race-1.25.7-1.el9_6.tuxcare.els1.x86_64.rpm
    sha:a4f167abf92ae199e2d642338e3f6a972ada60117e26fb5f7d571fdf1dd1bfa1
  • golang-src-1.25.7-1.el9_6.tuxcare.els1.noarch.rpm
    sha:2432f19264dc542947756b6a9f7bc351ec90ef3befd01b0c99af2937584c77bb
  • golang-tests-1.25.7-1.el9_6.tuxcare.els1.noarch.rpm
    sha:8ec60f921832875ff139deea7d11154f1b77097bef4829f584abc47def083fd8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.