The AlmaLinux team has released two security updates: one for golang and another for GIMP, both classified as Important. The golang update addresses four vulnerabilities that could allow an attacker to perform excessive CPU consumption, memory exhaustion, code smuggling, or unexpected session resumption. The GIMP update fixes a heap-based buffer overflow vulnerability in the program that could be exploited by specially crafted PSP files (CVE-2025-15059).

ALSA-2026:2709: golang security update (Important)
ALSA-2026:2707: gimp security update (Important)

ALSA-2026:2709: golang security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-02-17

Summary:

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-2709.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:2707: gimp security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-02-17

Summary:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

* gimp: heap-based buffer overflow via specially crafted PSP file (CVE-2025-15059)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-2707.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team