ALSA-2026:37436

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:37436
Related
Published
2026-07-09T00:00:00Z
Modified
2026-07-13T14:15:18.319713809Z
Summary
Important: golang security, bug fix, and enhancement update
Details

The golang packages provide the Go programming language compiler.

Security Fix(es):

  • golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)
  • os: golang: Go os.Root: Symlink following vulnerability allows directory traversal (CVE-2026-39822)

Bug Fix(es) and Enhancement(s):

  • Update Go to version 1.26.5+1 [almalinux-10.2.z] (JIRA:AlmaLinux-193473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:10
go-toolset

Package

Name
go-toolset
Purl
pkg:rpm/almalinux/go-toolset

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5-1.el10_2.alma.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json"
golang

Package

Name
golang
Purl
pkg:rpm/almalinux/golang

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5-1.el10_2.alma.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json"
golang-bin

Package

Name
golang-bin
Purl
pkg:rpm/almalinux/golang-bin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5-1.el10_2.alma.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json"
golang-docs

Package

Name
golang-docs
Purl
pkg:rpm/almalinux/golang-docs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5-1.el10_2.alma.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json"
golang-misc

Package

Name
golang-misc
Purl
pkg:rpm/almalinux/golang-misc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5-1.el10_2.alma.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json"
golang-race

Package

Name
golang-race
Purl
pkg:rpm/almalinux/golang-race

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5-1.el10_2.alma.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json"
golang-src

Package

Name
golang-src
Purl
pkg:rpm/almalinux/golang-src

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5-1.el10_2.alma.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json"
golang-tests

Package

Name
golang-tests
Purl
pkg:rpm/almalinux/golang-tests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5-1.el10_2.alma.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:37436.json"