Red Hat Security Advisory: golang security update
This Red Hat security advisory addresses multiple vulnerabilities in the golang packages used in Red Hat Enterprise Linux 9. 4 Extended Update Support. The issues include excessive CPU consumption during archive index building in archive/zip (CVE-2025-61728), memory exhaustion in query parameter parsing in net/url (CVE-2025-61726), and potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732). These vulnerabilities have been rated with an important security impact by Red Hat. Updated golang packages are available to fix these issues. Users of affected Red Hat Enterprise Linux versions should apply the provided updates to remediate these vulnerabilities.
AI Analysis
Technical Summary
The golang packages in Red Hat Enterprise Linux 9.4 Extended Update Support contain three security vulnerabilities: CVE-2025-61728 causes excessive CPU consumption when building archive indexes in the archive/zip package; CVE-2025-61726 leads to memory exhaustion during query parameter parsing in the net/url package; and CVE-2025-61732 allows potential code smuggling via doc comments in the cmd/cgo tool. Red Hat has released updated golang packages addressing these issues. The advisory covers multiple architectures including x86_64, aarch64, s390x, and ppc64le. The vendor rates the update as important and provides detailed instructions for applying the patches.
Potential Impact
The vulnerabilities may allow an attacker to cause denial of service conditions through excessive CPU or memory consumption or potentially introduce malicious code via doc comments in cgo. These issues could impact the stability and security of systems running vulnerable golang packages. No known exploits in the wild have been reported. The impact is rated as important by Red Hat.
Mitigation Recommendations
Red Hat has released updated golang packages for Red Hat Enterprise Linux 9.4 Extended Update Support that address these vulnerabilities. Users should apply these official updates as described in the Red Hat advisory (RHSA-2026:3469) and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the vendor-provided patches.
Red Hat Security Advisory: golang security update
Description
This Red Hat security advisory addresses multiple vulnerabilities in the golang packages used in Red Hat Enterprise Linux 9. 4 Extended Update Support. The issues include excessive CPU consumption during archive index building in archive/zip (CVE-2025-61728), memory exhaustion in query parameter parsing in net/url (CVE-2025-61726), and potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732). These vulnerabilities have been rated with an important security impact by Red Hat. Updated golang packages are available to fix these issues. Users of affected Red Hat Enterprise Linux versions should apply the provided updates to remediate these vulnerabilities.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The golang packages in Red Hat Enterprise Linux 9.4 Extended Update Support contain three security vulnerabilities: CVE-2025-61728 causes excessive CPU consumption when building archive indexes in the archive/zip package; CVE-2025-61726 leads to memory exhaustion during query parameter parsing in the net/url package; and CVE-2025-61732 allows potential code smuggling via doc comments in the cmd/cgo tool. Red Hat has released updated golang packages addressing these issues. The advisory covers multiple architectures including x86_64, aarch64, s390x, and ppc64le. The vendor rates the update as important and provides detailed instructions for applying the patches.
Potential Impact
The vulnerabilities may allow an attacker to cause denial of service conditions through excessive CPU or memory consumption or potentially introduce malicious code via doc comments in cgo. These issues could impact the stability and security of systems running vulnerable golang packages. No known exploits in the wild have been reported. The impact is rated as important by Red Hat.
Mitigation Recommendations
Red Hat has released updated golang packages for Red Hat Enterprise Linux 9.4 Extended Update Support that address these vulnerabilities. Users should apply these official updates as described in the Red Hat advisory (RHSA-2026:3469) and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the vendor-provided patches.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:3469
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-61728","CVE-2025-61732"]
- Cvss Version
- null
Threat ID: 6a16096ae29bf47b50630270
Added to database: 5/26/2026, 8:58:18 PM
Last enriched: 5/26/2026, 9:43:09 PM
Last updated: 5/27/2026, 4:55:14 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.