Release date:
2026-06-08 19:21:50 UTC
Description:
- CVE-2026-42499: replace the quadratic string concatenation in net/mail
consumePhrase with a strings.Builder so phrases containing many adjacent
RFC 2047 encoded-words are coalesced in linear time, preventing a denial
of service from pathological RFC 5322 address inputs
- CVE-2026-42501: reject a checksum database (sumdb) /lookup/ response that
lacks a hash for the requested module in cmd/go checkSumDB instead of
silently treating it as verified, preventing a malicious module proxy from
bypassing checksum database validation and serving a corrupted module
Updated packages:
-
go-toolset-1.22.9-1.el9_2.tuxcare.els13.x86_64.rpm
sha:fd930bb8ed5b76fca1720cac886c07b9ccfaeb42859bb2b86d7a5ef16b66958f
-
golang-1.22.9-1.el9_2.tuxcare.els13.x86_64.rpm
sha:beb866ce943518cdafff58b14b7efd1f22d2ebf9deb19a1e7c6af39c89c9ff69
-
golang-bin-1.22.9-1.el9_2.tuxcare.els13.x86_64.rpm
sha:45562a02de0056bd1300303e0fc450aa57798e19e8ead9f37361ef5d56eebc65
-
golang-docs-1.22.9-1.el9_2.tuxcare.els13.noarch.rpm
sha:32f3f29a63340cc3692041c886091ede55771e3d00dd064f81a3a78352ff9cca
-
golang-misc-1.22.9-1.el9_2.tuxcare.els13.noarch.rpm
sha:839dae456a70a722830355dc7f5332cc31ae79c17388ed171581ddab350b6fb3
-
golang-src-1.22.9-1.el9_2.tuxcare.els13.noarch.rpm
sha:7c971a8042240bcf4576e5a695a786e5cfa6a31774c95c7cc874c7f6f2ac8e9e
-
golang-tests-1.22.9-1.el9_2.tuxcare.els13.noarch.rpm
sha:5859d0b6c0cbdb9afa5fcc02261e4b21e968310432bb90ba3c59687b207aef6a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
