Red Hat Product Errata RHSA-2026:5942 - Security Advisory
Issued:
2026-03-26
Updated:
2026-03-26

RHSA-2026:5942 - Security Advisory

Synopsis

Important: golang security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for golang is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The golang packages provide the Go programming language compiler.

Security Fix(es):

  • cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
  • net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2434433 - CVE-2025-61731 cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
  • BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

Red Hat Enterprise Linux for x86_64 9

SRPM
golang-1.25.8-1.el9_7.src.rpm SHA-256: 94039ae48deab0610cf3eb87d1a492def881c41eb8e04ab6acee602f82c59a59
x86_64
go-toolset-1.25.8-1.el9_7.x86_64.rpm SHA-256: c6e82869e0ae2b36495bab58afa7df20642661de324e32dd98003f51a023410f
golang-1.25.8-1.el9_7.x86_64.rpm SHA-256: f8d452f6bf69543bcded24cf5ef05790ce78ebc101959756ab31b7d7f62c30fe
golang-bin-1.25.8-1.el9_7.x86_64.rpm SHA-256: 72c41054c6d08259f912bfc9f8a089a77da96212915ec2e6b5303fdc9a46cb6b
golang-docs-1.25.8-1.el9_7.noarch.rpm SHA-256: b4b926cd709ed3e2018b9e24d9b8c565fdd61cf89301e3b980cffc0bcb429817
golang-misc-1.25.8-1.el9_7.noarch.rpm SHA-256: 257898b8c958bd0e2806d36b55ce50b7915326f01fcbf1a9b91bdb1ba69ec8f3
golang-race-1.25.8-1.el9_7.x86_64.rpm SHA-256: d18f5ce921eb7ddbed3bf3b36230c5f2512ff9fcfa09d9e6bca3f69c3063761c
golang-src-1.25.8-1.el9_7.noarch.rpm SHA-256: 8c2cb1d68e2672326170c0f8f0b0c57dc283c56312f0b72ac9810ac358348d6d
golang-tests-1.25.8-1.el9_7.noarch.rpm SHA-256: 8214cd18dee4204075196e6a71d62cc6bea3328fa92273e7520dda3102ff6223

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
golang-1.25.8-1.el9_7.src.rpm SHA-256: 94039ae48deab0610cf3eb87d1a492def881c41eb8e04ab6acee602f82c59a59
s390x
go-toolset-1.25.8-1.el9_7.s390x.rpm SHA-256: ee1fd6170c172281d5fdd9858404148bdc3ec16f0a867117fceccd2dcc887ff7
golang-1.25.8-1.el9_7.s390x.rpm SHA-256: 98b4a2def0f1d000d7c088772c602a3732a2d8489fb451d2029743567bc7d92e
golang-bin-1.25.8-1.el9_7.s390x.rpm SHA-256: 0c67c0a1bdd5f66bb142aef7fe8bff362c15e8ef3410edb84232752f21809a79
golang-docs-1.25.8-1.el9_7.noarch.rpm SHA-256: b4b926cd709ed3e2018b9e24d9b8c565fdd61cf89301e3b980cffc0bcb429817
golang-misc-1.25.8-1.el9_7.noarch.rpm SHA-256: 257898b8c958bd0e2806d36b55ce50b7915326f01fcbf1a9b91bdb1ba69ec8f3
golang-race-1.25.8-1.el9_7.s390x.rpm SHA-256: 3f52a51f05f1d223ad686f6aaf517eb1729f983ffda23757e6de0768c66a4730
golang-src-1.25.8-1.el9_7.noarch.rpm SHA-256: 8c2cb1d68e2672326170c0f8f0b0c57dc283c56312f0b72ac9810ac358348d6d
golang-tests-1.25.8-1.el9_7.noarch.rpm SHA-256: 8214cd18dee4204075196e6a71d62cc6bea3328fa92273e7520dda3102ff6223

Red Hat Enterprise Linux for Power, little endian 9

SRPM
golang-1.25.8-1.el9_7.src.rpm SHA-256: 94039ae48deab0610cf3eb87d1a492def881c41eb8e04ab6acee602f82c59a59
ppc64le
go-toolset-1.25.8-1.el9_7.ppc64le.rpm SHA-256: 20c959f8316c1917ea03b559f8bff2f5a80feecf9caf88bc7928ad23d4fac630
golang-1.25.8-1.el9_7.ppc64le.rpm SHA-256: 2d5b072e40f51fb85fb2e7144056a0095d3f4aba1cf673c2b3933853f74c49ae
golang-bin-1.25.8-1.el9_7.ppc64le.rpm SHA-256: 592abaeda68bc1034ac66cb62821bbfe5a9ec1be7beb5adb8fa82f10194c5319
golang-docs-1.25.8-1.el9_7.noarch.rpm SHA-256: b4b926cd709ed3e2018b9e24d9b8c565fdd61cf89301e3b980cffc0bcb429817
golang-misc-1.25.8-1.el9_7.noarch.rpm SHA-256: 257898b8c958bd0e2806d36b55ce50b7915326f01fcbf1a9b91bdb1ba69ec8f3
golang-race-1.25.8-1.el9_7.ppc64le.rpm SHA-256: 6ea7be39e4973556394466e37287e0da893942fbf0b7f6b13cbb68e10bdef15c
golang-src-1.25.8-1.el9_7.noarch.rpm SHA-256: 8c2cb1d68e2672326170c0f8f0b0c57dc283c56312f0b72ac9810ac358348d6d
golang-tests-1.25.8-1.el9_7.noarch.rpm SHA-256: 8214cd18dee4204075196e6a71d62cc6bea3328fa92273e7520dda3102ff6223

Red Hat Enterprise Linux for ARM 64 9

SRPM
golang-1.25.8-1.el9_7.src.rpm SHA-256: 94039ae48deab0610cf3eb87d1a492def881c41eb8e04ab6acee602f82c59a59
aarch64
go-toolset-1.25.8-1.el9_7.aarch64.rpm SHA-256: ca2a02ed516c4d81d85c6c3e611eb564b1ea2de19b1d0edff49089c8b8ce7ed1
golang-1.25.8-1.el9_7.aarch64.rpm SHA-256: c96eba3d1dd82e1e44b5ccdc8a91529595ab63d078cdb2d838afd2f623547ad5
golang-bin-1.25.8-1.el9_7.aarch64.rpm SHA-256: d8a464cbfb4affc7be90a25fea1ddacfe716e03001e6afba187e6f86f9e0534e
golang-docs-1.25.8-1.el9_7.noarch.rpm SHA-256: b4b926cd709ed3e2018b9e24d9b8c565fdd61cf89301e3b980cffc0bcb429817
golang-misc-1.25.8-1.el9_7.noarch.rpm SHA-256: 257898b8c958bd0e2806d36b55ce50b7915326f01fcbf1a9b91bdb1ba69ec8f3
golang-race-1.25.8-1.el9_7.aarch64.rpm SHA-256: 3c69537324b8875e86da43b228c4c118fb34042ed415ab1c5e40cd9986aaaeaf
golang-src-1.25.8-1.el9_7.noarch.rpm SHA-256: 8c2cb1d68e2672326170c0f8f0b0c57dc283c56312f0b72ac9810ac358348d6d
golang-tests-1.25.8-1.el9_7.noarch.rpm SHA-256: 8214cd18dee4204075196e6a71d62cc6bea3328fa92273e7520dda3102ff6223

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.