An important security update for AlmaLinux 8 has been released, addressing four vulnerabilities in the Go Toolset. The issues include excessive CPU consumption when building archive index, memory exhaustion while parsing query parameters, potential code smuggling via doc comments, and unexpected session resumption. These problems have been fixed with new updates available on the AlmaLinux website.

ALSA-2026:2708: go-toolset:rhel8 security update (Important)

ALSA-2026:2708: go-toolset:rhel8 security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-02-16

Summary:

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2708.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team