Mageia alert MGASA-2026-0035 (golang)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2026-0035: Updated golang packages fix security vulnerabilities | |
| Date: | Wed, 11 Feb 2026 18:57:08 +0100 | |
| Message-ID: | <20260211175708.A7F7B9FD43@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2026-0035 - Updated golang packages fix security vulnerabilities Publication date: 11 Feb 2026 URL: https://advisories.mageia.org/MGASA-2026-0035.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121 Description: net/http: memory exhaustion in Request.ParseForm. (CVE-2025-61726) archive/zip: denial of service when parsing arbitrary ZIP archives. (CVE-2025-61728) crypto/tls: handshake messages may be processed at the incorrect encryption level. (CVE-2025-61730) cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (CVE-2025-61731) Potential code smuggling via doc comments in cmd/cgo. (CVE-2025-61732) cmd/go: unexpected code execution when invoking toolchain. (CVE-2025-68119) crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (CVE-2025-68121) References: - https://bugs.mageia.org/show_bug.cgi?id=35007 - https://www.openwall.com/lists/oss-security/2026/01/15/3 - https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc - https://openwall.com/lists/oss-security/2026/01/17/2 - https://openwall.com/lists/oss-security/2026/01/17/3 - https://lists.opensuse.org/archives/list/security-announc... - https://www.openwall.com/lists/oss-security/2026/02/07/2 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6... SRPMS: - 9/core/golang-1.24.13-1.mga9