Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Red Hat Go Toolset for RHEL 8: Security Flaw in Go Packages
RHSA-2026:3489
Summary
A security update is available for the Go toolset on Red Hat Enterprise Linux 8. It affects several Go packages and could allow an attacker to execute arbitrary code. This update fixes the issue by updating the affected packages and is recommended for all users to install.
What to do
- Update redhat delve to version 0:1.7.2-1.module+el8.6.0+12972+ebab5911.
- Update redhat delve-debuginfo to version 0:1.7.2-1.module+el8.6.0+12972+ebab5911.
- Update redhat delve-debugsource to version 0:1.7.2-1.module+el8.6.0+12972+ebab5911.
- Update redhat go-toolset to version 0:1.17.13-2.module+el8.6.0+22782+bd95fb4c.
- Update redhat golang to version 0:1.17.13-14.module+el8.6.0+24037+9dec91ea.
- Update redhat golang-bin to version 0:1.17.13-14.module+el8.6.0+24037+9dec91ea.
- Update redhat golang-docs to version 0:1.17.13-14.module+el8.6.0+24037+9dec91ea.
- Update redhat golang-misc to version 0:1.17.13-14.module+el8.6.0+24037+9dec91ea.
- Update redhat golang-race to version 0:1.17.13-14.module+el8.6.0+24037+9dec91ea.
- Update redhat golang-src to version 0:1.17.13-14.module+el8.6.0+24037+9dec91ea.
- Update redhat golang-tests to version 0:1.17.13-14.module+el8.6.0+24037+9dec91ea.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | delve | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | delve-debuginfo | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | delve-debugsource | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | go-toolset | <= 0:1.17.13-2.module+el8.6.0+22782+bd95fb4c | 0:1.17.13-2.module+el8.6.0+22782+bd95fb4c |
| redhat | golang | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-bin | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-docs | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-misc | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-race | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-src | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-tests | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | delve | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | delve-debuginfo | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | delve-debugsource | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | go-toolset | <= 0:1.17.13-2.module+el8.6.0+22782+bd95fb4c | 0:1.17.13-2.module+el8.6.0+22782+bd95fb4c |
| redhat | golang | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-bin | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-docs | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-misc | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-race | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-src | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-tests | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | delve | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | delve-debuginfo | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | delve-debugsource | <= 0:1.7.2-1.module+el8.6.0+12972+ebab5911 | 0:1.7.2-1.module+el8.6.0+12972+ebab5911 |
| redhat | go-toolset | <= 0:1.17.13-2.module+el8.6.0+22782+bd95fb4c | 0:1.17.13-2.module+el8.6.0+22782+bd95fb4c |
| redhat | golang | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-bin | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-docs | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-misc | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-race | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-src | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
| redhat | golang-tests | <= 0:1.17.13-14.module+el8.6.0+24037+9dec91ea | 0:1.17.13-14.module+el8.6.0+24037+9dec91ea |
Original title
Red Hat Security Advisory: go-toolset:rhel8 security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3489 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2434431 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2434432 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2437016 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3489.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61726 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61726 Vendor Advisory
- https://go.dev/cl/736712 Third Party Advisory
- https://go.dev/issue/77101 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4341 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61728 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61728 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61728 Vendor Advisory
- https://go.dev/cl/736713 Third Party Advisory
- https://go.dev/issue/77102 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4342 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61732 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61732 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61732 Vendor Advisory
- https://go.dev/cl/734220 Third Party Advisory
- https://go.dev/issue/76697 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/K09ubi9FQFk Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4433 Vendor Advisory
Published: 2 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026