MGASA-2026-0035
- Source
- https://advisories.mageia.org/MGASA-2026-0035.html
- Import Source
- https://advisories.mageia.org/MGASA-2026-0035.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2026-0035
- Related
- Published
- 2026-02-11T17:56:31Z
- Modified
- 2026-02-11T18:13:47.296640Z
- Summary
- Updated golang packages fix security vulnerabilities
- Details
-
net/http: memory exhaustion in Request.ParseForm. (CVE-2025-61726) archive/zip: denial of service when parsing arbitrary ZIP archives. (CVE-2025-61728) crypto/tls: handshake messages may be processed at the incorrect encryption level. (CVE-2025-61730) cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (CVE-2025-61731) Potential code smuggling via doc comments in cmd/cgo. (CVE-2025-61732) cmd/go: unexpected code execution when invoking toolchain. (CVE-2025-68119) crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (CVE-2025-68121)
- References
-
- https://advisories.mageia.org/MGASA-2026-0035.html
- https://bugs.mageia.org/show_bug.cgi?id=35007
- https://www.openwall.com/lists/oss-security/2026/01/15/3
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc
- https://openwall.com/lists/oss-security/2026/01/17/2
- https://openwall.com/lists/oss-security/2026/01/17/3
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NH2ETRY5I4475P2G36TA426YNBGAZLJM/
- https://www.openwall.com/lists/oss-security/2026/02/07/2
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / golang
Package
- Name
- golang
- Purl
- pkg:rpm/mageia/golang?arch=source&distro=mageia-9