Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-37435 http://linux.oracle.com/errata/ELSA-2026-37435.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: go-toolset-1.26.5-1.0.1.el9_8.x86_64.rpm golang-1.26.5-1.0.1.el9_8.x86_64.rpm golang-bin-1.26.5-1.0.1.el9_8.x86_64.rpm golang-docs-1.26.5-1.0.1.el9_8.noarch.rpm golang-misc-1.26.5-1.0.1.el9_8.noarch.rpm golang-race-1.26.5-1.0.1.el9_8.x86_64.rpm golang-src-1.26.5-1.0.1.el9_8.noarch.rpm golang-tests-1.26.5-1.0.1.el9_8.noarch.rpm aarch64: go-toolset-1.26.5-1.0.1.el9_8.aarch64.rpm golang-1.26.5-1.0.1.el9_8.aarch64.rpm golang-bin-1.26.5-1.0.1.el9_8.aarch64.rpm golang-docs-1.26.5-1.0.1.el9_8.noarch.rpm golang-misc-1.26.5-1.0.1.el9_8.noarch.rpm golang-race-1.26.5-1.0.1.el9_8.aarch64.rpm golang-src-1.26.5-1.0.1.el9_8.noarch.rpm golang-tests-1.26.5-1.0.1.el9_8.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/golang-1.26.5-1.0.1.el9_8.src.rpm Related CVEs: CVE-2026-39821 CVE-2026-39822 Description of changes: [1.26.5-1.0.1] - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var [1.26.5-1] - Update to Go 1.26.5 (fips-1) - Resolves: RHEL-193476 [1.25.7-1] - Update to Go 1.25.7 (fips-1) - Resolves: RHEL-146452 [1.25.5-1] - Update to Go 1.25.5 (fips-1) - Resolves: RHEL-139364 [1.25.3-2] - Cleanup lib/ ownership [1.25.3-1] - Update to Go 1.25.3 - Resolves: RHEL-121220 [1.25.1-1] - Update to Go 1.25.1 - Resolves: RHEL-116850 [1.25.0-2] - Revert DWARF5 defaults - Add elf5 to rpminspect.yaml - Related: RHEL-109557 [1.25.0-1] - Update to Go 1.25.0 - Set GOAMD64 to v2 to align with new architecture baselines - Modify the modify_go.env.patch to reflect GOAMD64 baseline version change to v2 - Resolves: RHEL-109557 [1.24.6-1] - Update to Go 1.24.6 (fips-1) - Resolves: RHEL-106461 _______________________________________________ El-errata mailinglist
Rebuild with newer golang toolchain. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e48c1b5f93 2026-07-10 01:05:32.166941+00:00 -------------------------------------------------------------------------------- Name : kind Product : Fedora 43 Version : 0.31.0 Release : 4.fc43 URL : https://github.com/kubernetes-sigs/kind Summary : Kubernetes IN Docker Description : Kubernetes IN Docker - local clusters for testing Kubernetes. -------------------------------------------------------------------------------- Update Information: Rebuild with newer golang toolchain -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 blinxen - 0.31.0-4 - Rebuild (rhbz#2494326) * Tue Feb 3 2026 Mikel Olasagasti Uranga - 0.31.0-3 - Use correct goipath * Tue Feb 3 2026 Maxwell G - 0.31.0-2 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e48c1b5f93' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Important: git-lfs security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30854", "synopsis": "Important: git-lfs security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for git-lfs.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2480756", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756", "description": ""}], "cves": [{"name": "CVE-2026-39821", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39821", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-1289"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["git-lfs-0:3.7.1-4.el9_8.1.aarch64.rpm", "git-lfs-0:3.7.1-4.el9_8.1.ppc64le.rpm", "git-lfs-0:3.7.1-4.el9_8.1.s390x.rpm", "git-lfs-0:3.7.1-4.el9_8.1.src.rpm", "git-lfs-0:3.7.1-4.el9_8.1.x86_64.rpm", "git-lfs-debuginfo-0:3.7.1-4.el9_8.1.aarch64.rpm", "git-lfs-debuginfo-0:3.7.1-4.el9_8.1.ppc64le.rpm", "git-lfs-debuginfo-0:3.7.1-4.el9_8.1.s390x.rpm", "git-lfs-debuginfo-0:3.7.1-4.el9_8.1.x86_64.rpm", "git-lfs-debugsource-0:3.7.1-4.el9_8.1.aarch64.rpm", "git-lfs-debugsource-0:3.7.1-4.el9_8.1.ppc64le.rpm","git-lfs-debugsource-0:3.7.1-4.el9_8.1.s390x.rpm", "git-lfs-debugsource-0:3.7.1-4.el9_8.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical git-lfs security update for Rocky Linux addresses potential privilege escalation issues via CVE-2026-39821.. git-lfs security update, Rocky Linux advisory, privilege escalation fix, CVE-2026-39821. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-29981 http://linux.oracle.com/errata/ELSA-2026-29981.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: go-toolset-1.26.4-1.0.1.el9_8.x86_64.rpm golang-1.26.4-1.0.1.el9_8.x86_64.rpm golang-bin-1.26.4-1.0.1.el9_8.x86_64.rpm golang-docs-1.26.4-1.0.1.el9_8.noarch.rpm golang-misc-1.26.4-1.0.1.el9_8.noarch.rpm golang-race-1.26.4-1.0.1.el9_8.x86_64.rpm golang-src-1.26.4-1.0.1.el9_8.noarch.rpm golang-tests-1.26.4-1.0.1.el9_8.noarch.rpm aarch64: go-toolset-1.26.4-1.0.1.el9_8.aarch64.rpm golang-1.26.4-1.0.1.el9_8.aarch64.rpm golang-bin-1.26.4-1.0.1.el9_8.aarch64.rpm golang-docs-1.26.4-1.0.1.el9_8.noarch.rpm golang-misc-1.26.4-1.0.1.el9_8.noarch.rpm golang-race-1.26.4-1.0.1.el9_8.aarch64.rpm golang-src-1.26.4-1.0.1.el9_8.noarch.rpm golang-tests-1.26.4-1.0.1.el9_8.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/golang-1.26.4-1.0.1.el9_8.src.rpm Related CVEs: CVE-2026-42507 Description of changes: [1.26.4-1.0.1] - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var [1.26.4-1] - Update to Go 1.26.4 (fips-1) - Resolves: RHEL-183349 _______________________________________________ El-errata mailing list
Moderate: golang security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29980", "synopsis": "Moderate: golang security, bug fix, and enhancement update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for golang.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* net/textproto: golang: Golang net/textproto: Misleading error messages via input injection (CVE-2026-42507)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Go to version 1.26.4+1 [rhel-10.2.z] (JIRA:Rocky Linux-183347)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2484205", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205", "description": ""}], "cves": [{"name": "CVE-2026-42507", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42507", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "5.3", "cwe": "CWE-117"}], "references": [], "publishedAt": "2026-06-26T12:05:00.179765Z", "rpms": {"Rocky Linux 10": {"nvras": ["golang-bin-0:1.26.4-1.el10_2.ppc64le.rpm", "golang-race-0:1.26.4-1.el10_2.aarch64.rpm", "go-toolset-0:1.26.4-1.el10_2.aarch64.rpm", "golang-race-0:1.26.4-1.el10_2.x86_64.rpm", "go-toolset-0:1.26.4-1.el10_2.ppc64le.rpm", "golang-race-0:1.26.4-1.el10_2.ppc64le.rpm", "golang-bin-0:1.26.4-1.el10_2.s390x.rpm", "golang-misc-0:1.26.4-1.el10_2.noarch.rpm", "golang-docs-0:1.26.4-1.el10_2.noarch.rpm", "golang-0:1.26.4-1.el10_2.s390x.rpm", "golang-bin-0:1.26.4-1.el10_2.aarch64.rpm","go-toolset-0:1.26.4-1.el10_2.s390x.rpm", "golang-0:1.26.4-1.el10_2.aarch64.rpm", "golang-0:1.26.4-1.el10_2.x86_64.rpm", "golang-0:1.26.4-1.el10_2.ppc64le.rpm", "golang-bin-0:1.26.4-1.el10_2.x86_64.rpm", "golang-tests-0:1.26.4-1.el10_2.noarch.rpm", "go-toolset-0:1.26.4-1.el10_2.x86_64.rpm", "golang-race-0:1.26.4-1.el10_2.s390x.rpm", "golang-src-0:1.26.4-1.el10_2.noarch.rpm", "golang-0:1.26.4-1.el10_2.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update available for golang on Rocky Linux 10 addressing a moderate bug fix related to input injection identified in CVE-2026-42507.. Rocky Linux, golang update, security advisory, input injection, bug fix. . Severity: moderate. LinuxSecurity.com Team
Moderate: golang security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29981", "synopsis": "Moderate: golang security, bug fix, and enhancement update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for golang.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* net/textproto: golang: Golang net/textproto: Misleading error messages via input injection (CVE-2026-42507)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Go to version 1.26.4+1 [rhel-9.8.z] (JIRA:Rocky Linux-183350)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2484205", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205", "description": ""}], "cves": [{"name": "CVE-2026-42507", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42507", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "5.3", "cwe": "CWE-117"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["golang-0:1.26.4-1.el9_8.aarch64.rpm", "golang-0:1.26.4-1.el9_8.ppc64le.rpm", "golang-0:1.26.4-1.el9_8.s390x.rpm", "golang-0:1.26.4-1.el9_8.src.rpm", "golang-0:1.26.4-1.el9_8.x86_64.rpm", "golang-bin-0:1.26.4-1.el9_8.aarch64.rpm", "golang-bin-0:1.26.4-1.el9_8.ppc64le.rpm", "golang-bin-0:1.26.4-1.el9_8.s390x.rpm", "golang-bin-0:1.26.4-1.el9_8.x86_64.rpm", "golang-docs-0:1.26.4-1.el9_8.noarch.rpm", "golang-misc-0:1.26.4-1.el9_8.noarch.rpm", "golang-race-0:1.26.4-1.el9_8.aarch64.rpm","golang-race-0:1.26.4-1.el9_8.ppc64le.rpm", "golang-race-0:1.26.4-1.el9_8.s390x.rpm", "golang-race-0:1.26.4-1.el9_8.x86_64.rpm", "golang-src-0:1.26.4-1.el9_8.noarch.rpm", "golang-tests-0:1.26.4-1.el9_8.noarch.rpm", "go-toolset-0:1.26.4-1.el9_8.aarch64.rpm", "go-toolset-0:1.26.4-1.el9_8.ppc64le.rpm", "go-toolset-0:1.26.4-1.el9_8.s390x.rpm", "go-toolset-0:1.26.4-1.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update for golang available in Rocky Linux 9. Fixes misleading error messages due to input injection vulnerability.. Rocky Linux bug fix golang update. . Severity: moderate. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22121 http://linux.oracle.com/errata/ELSA-2026-22121.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: go-toolset-1.26.3-1.0.1.el9_8.x86_64.rpm golang-1.26.3-1.0.1.el9_8.x86_64.rpm golang-bin-1.26.3-1.0.1.el9_8.x86_64.rpm golang-docs-1.26.3-1.0.1.el9_8.noarch.rpm golang-misc-1.26.3-1.0.1.el9_8.noarch.rpm golang-race-1.26.3-1.0.1.el9_8.x86_64.rpm golang-src-1.26.3-1.0.1.el9_8.noarch.rpm golang-tests-1.26.3-1.0.1.el9_8.noarch.rpm aarch64: go-toolset-1.26.3-1.0.1.el9_8.aarch64.rpm golang-1.26.3-1.0.1.el9_8.aarch64.rpm golang-bin-1.26.3-1.0.1.el9_8.aarch64.rpm golang-docs-1.26.3-1.0.1.el9_8.noarch.rpm golang-misc-1.26.3-1.0.1.el9_8.noarch.rpm golang-race-1.26.3-1.0.1.el9_8.aarch64.rpm golang-src-1.26.3-1.0.1.el9_8.noarch.rpm golang-tests-1.26.3-1.0.1.el9_8.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/golang-1.26.3-1.0.1.el9_8.src.rpm Related CVEs: CVE-2026-33811 CVE-2026-33814 CVE-2026-39817 CVE-2026-39819 CVE-2026-39820 CVE-2026-39823 CVE-2026-39825 CVE-2026-39826 CVE-2026-39836 CVE-2026-42499 CVE-2026-42501 Description of changes: [1.26.3-1.0.1] - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var [1.26.3-1] - Update to Go 1.26.3 (fips-1) - Resolves: RHEL-175607 _______________________________________________ El-errata mailing list
Moderate: golang-github-openprinting-ipp-usb security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:27740", "synopsis": "Moderate: golang-github-openprinting-ipp-usb security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for golang-github-openprinting-ipp-usb.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables\n driverless support for USB devices capable of using IPP-over-USB protocol.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}], "cves": [{"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}], "references": [], "publishedAt": "2026-06-24T12:05:09.232192Z", "rpms": {"Rocky Linux 10": {"nvras": ["golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64.rpm", "ipp-usb-0:0.9.27-7.el10_2.1.ppc64le.rpm", "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64.rpm", "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le.rpm", "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x.rpm", "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64.rpm", "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x.rpm","ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le.rpm", "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64.rpm", "ipp-usb-0:0.9.27-7.el10_2.1.x86_64.rpm", "ipp-usb-0:0.9.27-7.el10_2.1.aarch64.rpm", "ipp-usb-0:0.9.27-7.el10_2.1.s390x.rpm", "golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate security update available for golang-github-openprinting-ipp-usb in Rocky Linux 10 addressing denial of service threats.. Golang Security Update, Rocky Linux 10, IPP-USB Protocol, Denial of Service, OpenPrinting. . Severity: moderate. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.