AlmaLinux issued two security errata for version 10 targeting the golang compiler and the base Linux kernel. The golang update holds a moderate severity rating, patches a net/textproto input injection flaw, and upgrades the toolchain to version 1.26.4. The kernel update carries an important severity rating and resolves nine separate vulnerabilities spanning network protocols, storage controllers, RDMA drivers, and KVM virtualization.

ALSA-2026:29980: golang security, bug fix, and enhancement update (Moderate)
ALSA-2026:30129: kernel security, bug fix, and enhancement update (Important)

ALSA-2026:29980: golang security, bug fix, and enhancement update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-06-27

Summary:

The golang packages provide the Go programming language compiler.

Security Fix(es):

* net/textproto: golang: Golang net/textproto: Misleading error messages via input injection (CVE-2026-42507)

Bug Fix(es) and Enhancement(s):

* Update Go to version 1.26.4+1 [almalinux-10.2.z] (JIRA:AlmaLinux-183347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-29980.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:30129: kernel security, bug fix, and enhancement update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-27

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: rxrpc: fix RESPONSE authenticator parser OOB read (CVE-2026-31636)
* kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)
* kernel: tcp: fix potential race in tcp_v6_syn_recv_sock() (CVE-2026-43198)
* kernel: scsi: qla2xxx: Completely fix fcport double free (CVE-2026-43414)
* kernel: RDMA/iwcm: Fix workqueue list corruption by removing work_list (CVE-2026-45898)
* kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (CVE-2026-46117)
* kernel: RDMA/mana: Validate rx_hash_key_len (CVE-2026-46145)
* kernel: nvmet-tcp: fix race between ICReq handling and queue teardown (CVE-2026-46135)
* kernel: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry (CVE-2026-46316)

Bug Fix(es) and Enhancement(s):

* Unexpected execmem SELinux denials after CVE-2026-46054 fix [rhel-10.2.z] (JIRA:RHEL-185117)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-30129.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team