[CLSA-2026:1781178389] golang: Fix of CVE-2026-39820
Type:
security
Severity:
Important
Release date:
2026-06-11 11:46:49 UTC
Description:
- CVE-2026-39820: fix quadratic complexity in consumeComment in net/mail by replacing repeated string concatenation with a strings.Builder, reducing the function from O(n^2) to O(n) in nested comment depth
CVEs fixed:
Updated packages:
  • go-toolset-1.25.7-1.el9_6.tuxcare.els9.x86_64.rpm
    sha:9cc547770f24ee80d953cb5b847192d2bfc1ac210aa58699a88092fb0d545fa7
  • golang-1.25.7-1.el9_6.tuxcare.els9.x86_64.rpm
    sha:5be0fa5619457cd763337a329ff96f21ac5acf2478f2bf2e4115c27b3c16d664
  • golang-bin-1.25.7-1.el9_6.tuxcare.els9.x86_64.rpm
    sha:08f631414ae7ca24433557e62106aab5cfc6f8106200ce14622e7ed2cbabaa95
  • golang-docs-1.25.7-1.el9_6.tuxcare.els9.noarch.rpm
    sha:dd09163c0adda469a8a8449a54cc3200e57fe6842e73fffa008215a253157f0a
  • golang-misc-1.25.7-1.el9_6.tuxcare.els9.noarch.rpm
    sha:85517748da4252def96a4305e950679596e5bc0e9aea4721a926e3ff583c4c3c
  • golang-race-1.25.7-1.el9_6.tuxcare.els9.x86_64.rpm
    sha:17d16dac7df88b5ad7145c9b090fb752f9dbb582dbaa811400f8ab46c45f39cb
  • golang-src-1.25.7-1.el9_6.tuxcare.els9.noarch.rpm
    sha:0681beba1d6b9a369f4e90794cbcddc933c02a06291c7d3800f34add91bacab9
  • golang-tests-1.25.7-1.el9_6.tuxcare.els9.noarch.rpm
    sha:26124fc3af86fcb1eb83ee77c27a0b4ca5293e3f2566ee1f3d7a00f6415e9680
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.