Red Hat Product Errata RHSA-2026:7834 - Security Advisory
Issued:
2026-04-13
Updated:
2026-04-13

RHSA-2026:7834 - Security Advisory

Synopsis

Important: golang security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for golang is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The golang packages provide the Go programming language compiler.

Security Fix(es):

  • cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
  • net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

  • BZ - 2434433 - CVE-2025-61731 cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
  • BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
x86_64
go-toolset-1.21.13-15.el9_4.x86_64.rpm SHA-256: 4fd5c4c70e7f6cddbf987d5616082580426503663c5335671e2fb131bd61354e
golang-1.21.13-15.el9_4.x86_64.rpm SHA-256: c2be4fd5c4e83b171fd3ab51175dc80c466095d548415b7265a749d5ce78eb22
golang-bin-1.21.13-15.el9_4.x86_64.rpm SHA-256: c0a830412334621d9d6910e8c5f69ac743340284771a7711ec4b0a6c4133207a
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
x86_64
go-toolset-1.21.13-15.el9_4.x86_64.rpm SHA-256: 4fd5c4c70e7f6cddbf987d5616082580426503663c5335671e2fb131bd61354e
golang-1.21.13-15.el9_4.x86_64.rpm SHA-256: c2be4fd5c4e83b171fd3ab51175dc80c466095d548415b7265a749d5ce78eb22
golang-bin-1.21.13-15.el9_4.x86_64.rpm SHA-256: c0a830412334621d9d6910e8c5f69ac743340284771a7711ec4b0a6c4133207a
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
s390x
go-toolset-1.21.13-15.el9_4.s390x.rpm SHA-256: b05feec4970b267b337c9cd6667d32da98d8aeeac6b594a45dd2937a07b6ac65
golang-1.21.13-15.el9_4.s390x.rpm SHA-256: 2f7ebe3d728243c59069b3eda29dce4865bf954ad77862ccf65cf9b977e51c0d
golang-bin-1.21.13-15.el9_4.s390x.rpm SHA-256: f68da8363fa0855f077f8d303da6eead79dd04a1b43dd650f1d21ed6068b8d26
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
ppc64le
go-toolset-1.21.13-15.el9_4.ppc64le.rpm SHA-256: ac9c3fe5f93348842a54c114523b545bbcfdd5463bce8ca89d52dc98336d1954
golang-1.21.13-15.el9_4.ppc64le.rpm SHA-256: 9285f420485cf252b94607ecc8277490ffe67bff4158fc848eb0bb2cc21082ff
golang-bin-1.21.13-15.el9_4.ppc64le.rpm SHA-256: 95a32b4576eef6333fb735fcb437ee3ccd25f855717de3f09ef4bc1adee1d6e7
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
aarch64
go-toolset-1.21.13-15.el9_4.aarch64.rpm SHA-256: da89235e14089c2bad48e4ad07d8eeb656a78d9353aa10b69639696d48056bf9
golang-1.21.13-15.el9_4.aarch64.rpm SHA-256: fade4d42b5a3dd944cbe5893a1df1b6a92cd12accd61947ed8bec3cae5a7bc8d
golang-bin-1.21.13-15.el9_4.aarch64.rpm SHA-256: 59da178d6671eb39b80c5efff991ecef5d4c144f5612a9ea263754e85155b5df
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
ppc64le
go-toolset-1.21.13-15.el9_4.ppc64le.rpm SHA-256: ac9c3fe5f93348842a54c114523b545bbcfdd5463bce8ca89d52dc98336d1954
golang-1.21.13-15.el9_4.ppc64le.rpm SHA-256: 9285f420485cf252b94607ecc8277490ffe67bff4158fc848eb0bb2cc21082ff
golang-bin-1.21.13-15.el9_4.ppc64le.rpm SHA-256: 95a32b4576eef6333fb735fcb437ee3ccd25f855717de3f09ef4bc1adee1d6e7
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
x86_64
go-toolset-1.21.13-15.el9_4.x86_64.rpm SHA-256: 4fd5c4c70e7f6cddbf987d5616082580426503663c5335671e2fb131bd61354e
golang-1.21.13-15.el9_4.x86_64.rpm SHA-256: c2be4fd5c4e83b171fd3ab51175dc80c466095d548415b7265a749d5ce78eb22
golang-bin-1.21.13-15.el9_4.x86_64.rpm SHA-256: c0a830412334621d9d6910e8c5f69ac743340284771a7711ec4b0a6c4133207a
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
aarch64
go-toolset-1.21.13-15.el9_4.aarch64.rpm SHA-256: da89235e14089c2bad48e4ad07d8eeb656a78d9353aa10b69639696d48056bf9
golang-1.21.13-15.el9_4.aarch64.rpm SHA-256: fade4d42b5a3dd944cbe5893a1df1b6a92cd12accd61947ed8bec3cae5a7bc8d
golang-bin-1.21.13-15.el9_4.aarch64.rpm SHA-256: 59da178d6671eb39b80c5efff991ecef5d4c144f5612a9ea263754e85155b5df
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
s390x
go-toolset-1.21.13-15.el9_4.s390x.rpm SHA-256: b05feec4970b267b337c9cd6667d32da98d8aeeac6b594a45dd2937a07b6ac65
golang-1.21.13-15.el9_4.s390x.rpm SHA-256: 2f7ebe3d728243c59069b3eda29dce4865bf954ad77862ccf65cf9b977e51c0d
golang-bin-1.21.13-15.el9_4.s390x.rpm SHA-256: f68da8363fa0855f077f8d303da6eead79dd04a1b43dd650f1d21ed6068b8d26
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
x86_64
go-toolset-1.21.13-15.el9_4.x86_64.rpm SHA-256: 4fd5c4c70e7f6cddbf987d5616082580426503663c5335671e2fb131bd61354e
golang-1.21.13-15.el9_4.x86_64.rpm SHA-256: c2be4fd5c4e83b171fd3ab51175dc80c466095d548415b7265a749d5ce78eb22
golang-bin-1.21.13-15.el9_4.x86_64.rpm SHA-256: c0a830412334621d9d6910e8c5f69ac743340284771a7711ec4b0a6c4133207a
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
aarch64
go-toolset-1.21.13-15.el9_4.aarch64.rpm SHA-256: da89235e14089c2bad48e4ad07d8eeb656a78d9353aa10b69639696d48056bf9
golang-1.21.13-15.el9_4.aarch64.rpm SHA-256: fade4d42b5a3dd944cbe5893a1df1b6a92cd12accd61947ed8bec3cae5a7bc8d
golang-bin-1.21.13-15.el9_4.aarch64.rpm SHA-256: 59da178d6671eb39b80c5efff991ecef5d4c144f5612a9ea263754e85155b5df
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
ppc64le
go-toolset-1.21.13-15.el9_4.ppc64le.rpm SHA-256: ac9c3fe5f93348842a54c114523b545bbcfdd5463bce8ca89d52dc98336d1954
golang-1.21.13-15.el9_4.ppc64le.rpm SHA-256: 9285f420485cf252b94607ecc8277490ffe67bff4158fc848eb0bb2cc21082ff
golang-bin-1.21.13-15.el9_4.ppc64le.rpm SHA-256: 95a32b4576eef6333fb735fcb437ee3ccd25f855717de3f09ef4bc1adee1d6e7
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
golang-1.21.13-15.el9_4.src.rpm SHA-256: 96e15f0e0b3689429331121ef26dac4be794ab7f6267cf2e15afded9fc70a6f6
s390x
go-toolset-1.21.13-15.el9_4.s390x.rpm SHA-256: b05feec4970b267b337c9cd6667d32da98d8aeeac6b594a45dd2937a07b6ac65
golang-1.21.13-15.el9_4.s390x.rpm SHA-256: 2f7ebe3d728243c59069b3eda29dce4865bf954ad77862ccf65cf9b977e51c0d
golang-bin-1.21.13-15.el9_4.s390x.rpm SHA-256: f68da8363fa0855f077f8d303da6eead79dd04a1b43dd650f1d21ed6068b8d26
golang-docs-1.21.13-15.el9_4.noarch.rpm SHA-256: dd85ee22aa81a896dabd02e069ac004b8bff5c50f71d9f9680b1c156b88b14b2
golang-misc-1.21.13-15.el9_4.noarch.rpm SHA-256: 03fb7ae174ad0ac8929fefdd33e81d61086ca41605ae709152ad93810a1955b1
golang-src-1.21.13-15.el9_4.noarch.rpm SHA-256: f8f0f75eef61acded8c12c1154f14ef435c3878ec18e8454b7fbe48805ad5f93
golang-tests-1.21.13-15.el9_4.noarch.rpm SHA-256: 382578dcc7602fb2b7a605a56a2c294ffa77fb4f13e4685c28b18f0bbd80c39e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.