[CLSA-2026:1781089493] golang: Fix of 7 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-10 11:14:50 UTC
Description:
- CVE-2026-33811: fix double-free of cgo pointer in net resolver when handling oversized DNS responses by reordering Free calls relative to retry path
- CVE-2026-33814: fix hang in net/http/internal/http2 Transport when peer sends a SETTINGS frame with an invalid value by surfacing the error and tearing down the connection instead of blocking
- CVE-2026-42499: fix quadratic consumePhrase behavior in net/mail by using a strings.Builder to accumulate encoded-word runs instead of repeatedly concatenating into the previous slice element
- CVE-2026-42501: fix cmd/go sumdb verification gap by rejecting checksum database responses that omit the module hash, preventing acceptance of a go.sum-mismatched module
Updated packages:
  • go-toolset-1.25.7-1.el9_6.tuxcare.els8.x86_64.rpm
    sha:cb6fa5db5b68953c06309709ba0f1c924e51dbcdba62a4ff7cb63040d77131e5
  • golang-1.25.7-1.el9_6.tuxcare.els8.x86_64.rpm
    sha:a8ff224c995b61a6dc4236fa6040d08040ab38600e23449684925c94aa3fc1a2
  • golang-bin-1.25.7-1.el9_6.tuxcare.els8.x86_64.rpm
    sha:caf5bc34f82c72bf63597730568c7324c48a95af720be21c51f2d01ee707a740
  • golang-docs-1.25.7-1.el9_6.tuxcare.els8.noarch.rpm
    sha:10b048d2122c99a1cb877f59f6ce129841e6e8e7d8ec926a09553355f4055ff9
  • golang-misc-1.25.7-1.el9_6.tuxcare.els8.noarch.rpm
    sha:91f5b9a4767fc24f5bd9aa8d5af350392bb5056d86d7f891f723e756c252802f
  • golang-race-1.25.7-1.el9_6.tuxcare.els8.x86_64.rpm
    sha:5989f9d48be83e3b2828a3e48f5eba4786b2f118efdf2c6f32a5b1735fa76814
  • golang-src-1.25.7-1.el9_6.tuxcare.els8.noarch.rpm
    sha:e54a457f6d0f41fdfc5ece3ceced3edfa074b767d8a8ecffb3bb62aa0a031ac1
  • golang-tests-1.25.7-1.el9_6.tuxcare.els8.noarch.rpm
    sha:c4a3c52a178511cad78ca35cd6553f75c08322a596531a7f13bc139971cdf9de
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.