Red Hat Product Errata RHSA-2026:16024 - Security Advisory Issued: 2026-05-11 Updated: 2026-05-11 RHSA-2026:16024 - Security Advisory Overview Updated Packages Synopsis Important: golang security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for golang is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The golang packages provide the Go programming language compiler. Security Fix(es): golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282) crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283) crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280) golang: cmd/compile: no-op interface conversion bypasses overlap checking (CVE-2026-27144) cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names (CVE-2026-27140) golang: cmd/compile: possible memory corruption after bound check elimination (CVE-2026-27143) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages BZ - 2456339 - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building BZ - 2456340 - CVE-2026-27144 golang: cmd/compile: no-op interface conversion bypasses overlap checking BZ - 2456341 - CVE-2026-27140 cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names BZ - 2456342 - CVE-2026-27143 golang: cmd/compile: possible memory corruption after bound check elimination CVEs CVE-2026-27140 CVE-2026-27143 CVE-2026-27144 CVE-2026-32280 CVE-2026-32282 CVE-2026-32283 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM golang-1.25.9-1.el10_0.src.rpm SHA-256: 3a249f1ffa0a2dd5c7d7989d71a2a844579e0618a9e06d8a0febcf827735b436 x86_64 go-toolset-1.25.9-1.el10_0.x86_64.rpm SHA-256: 8e7f21c050f9bc42b392a3b0b35f9c0e9b73763da0c9857c8a60be4443e6f0cc golang-1.25.9-1.el10_0.x86_64.rpm SHA-256: 5e0dd33f1ce8d4d36772ad38be4c8969d779194549f87bffb7e5ebd85c349dc0 golang-bin-1.25.9-1.el10_0.x86_64.rpm SHA-256: 676a7ecc409e38e27f33eb93b1366798afafd2d1b2f91bfe0060421869fffeb2 golang-docs-1.25.9-1.el10_0.noarch.rpm SHA-256: bfddd713a277767d2e64e7b1d9f042c20325984f1b2ad694a948dd2af631f56b golang-misc-1.25.9-1.el10_0.noarch.rpm SHA-256: 8baa07ef58a9adc2fecc3fd412b2ad28032605cf12c75c38dae26de5cc7c1e8e golang-race-1.25.9-1.el10_0.x86_64.rpm SHA-256: 62f49e025e2889e8a345eea7d5637ce97e5eea57c1be0e71911df3a42a37e031 golang-src-1.25.9-1.el10_0.noarch.rpm SHA-256: b7816bbdb261e50edda6e08809b8515e1c27805e32c5993598e9be12bf99332b golang-tests-1.25.9-1.el10_0.noarch.rpm SHA-256: 433fb2122ebd0d9622491aca26b48da462e3b0e3fd05526c777a395f5bd7ca35 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM golang-1.25.9-1.el10_0.src.rpm SHA-256: 3a249f1ffa0a2dd5c7d7989d71a2a844579e0618a9e06d8a0febcf827735b436 s390x go-toolset-1.25.9-1.el10_0.s390x.rpm SHA-256: a7909c5e394c939807abafff3fd44c2d7d6c58ba0cd3db4858bdb8a07793d662 golang-1.25.9-1.el10_0.s390x.rpm SHA-256: 7208bd63d6970e55f5df9f80c16db89b26e6098ce4d32c5cd33981f070816b9d golang-bin-1.25.9-1.el10_0.s390x.rpm SHA-256: f71149c6d4dc7cf1e719774911b8f830a572e622c506adbd2233664d30b3ed95 golang-docs-1.25.9-1.el10_0.noarch.rpm SHA-256: bfddd713a277767d2e64e7b1d9f042c20325984f1b2ad694a948dd2af631f56b golang-misc-1.25.9-1.el10_0.noarch.rpm SHA-256: 8baa07ef58a9adc2fecc3fd412b2ad28032605cf12c75c38dae26de5cc7c1e8e golang-race-1.25.9-1.el10_0.s390x.rpm SHA-256: c6490ec131d5ac924b6ec23bf2475c14d5147a34e64d810ea63651905f53c247 golang-src-1.25.9-1.el10_0.noarch.rpm SHA-256: b7816bbdb261e50edda6e08809b8515e1c27805e32c5993598e9be12bf99332b golang-tests-1.25.9-1.el10_0.noarch.rpm SHA-256: 433fb2122ebd0d9622491aca26b48da462e3b0e3fd05526c777a395f5bd7ca35 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM golang-1.25.9-1.el10_0.src.rpm SHA-256: 3a249f1ffa0a2dd5c7d7989d71a2a844579e0618a9e06d8a0febcf827735b436 ppc64le go-toolset-1.25.9-1.el10_0.ppc64le.rpm SHA-256: 8d983db0d7f8eebcf67b2e4f4829891cbaac93a79c6979a915fcfd7088b131ef golang-1.25.9-1.el10_0.ppc64le.rpm SHA-256: 50947ecd66386d2aa5551a501cdab38b53e502c77c7a6ce5546cf560728d53e7 golang-bin-1.25.9-1.el10_0.ppc64le.rpm SHA-256: 53e073ed1ab14eadfb246f2472d1b394f1d66b069d0ca5a9f6b5f8289d0d3320 golang-docs-1.25.9-1.el10_0.noarch.rpm SHA-256: bfddd713a277767d2e64e7b1d9f042c20325984f1b2ad694a948dd2af631f56b golang-misc-1.25.9-1.el10_0.noarch.rpm SHA-256: 8baa07ef58a9adc2fecc3fd412b2ad28032605cf12c75c38dae26de5cc7c1e8e golang-race-1.25.9-1.el10_0.ppc64le.rpm SHA-256: 33d893b084bf6184bca301cbf873946fb4d68cbb8a2a2289626b900f038cffd5 golang-src-1.25.9-1.el10_0.noarch.rpm SHA-256: b7816bbdb261e50edda6e08809b8515e1c27805e32c5993598e9be12bf99332b golang-tests-1.25.9-1.el10_0.noarch.rpm SHA-256: 433fb2122ebd0d9622491aca26b48da462e3b0e3fd05526c777a395f5bd7ca35 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM golang-1.25.9-1.el10_0.src.rpm SHA-256: 3a249f1ffa0a2dd5c7d7989d71a2a844579e0618a9e06d8a0febcf827735b436 aarch64 go-toolset-1.25.9-1.el10_0.aarch64.rpm SHA-256: 2ab86de945d6b763db9cf92a2a8f77630d96b50ea36d9f598b66c3d9adac6c82 golang-1.25.9-1.el10_0.aarch64.rpm SHA-256: 0bd7e0f05226a1e3b5b3ed013271b4e160d885fa8f266eedb8affcab1082e8de golang-bin-1.25.9-1.el10_0.aarch64.rpm SHA-256: 5e8dbd7a68c6edcd42144b77e7fe8196c04395df191ca1d2a7b9ba9aa3735b57 golang-docs-1.25.9-1.el10_0.noarch.rpm SHA-256: bfddd713a277767d2e64e7b1d9f042c20325984f1b2ad694a948dd2af631f56b golang-misc-1.25.9-1.el10_0.noarch.rpm SHA-256: 8baa07ef58a9adc2fecc3fd412b2ad28032605cf12c75c38dae26de5cc7c1e8e golang-race-1.25.9-1.el10_0.aarch64.rpm SHA-256: 19f37c531606ed6db9b39a8f1a9ff40934df9789790118d70c8b894bd3eb6230 golang-src-1.25.9-1.el10_0.noarch.rpm SHA-256: b7816bbdb261e50edda6e08809b8515e1c27805e32c5993598e9be12bf99332b golang-tests-1.25.9-1.el10_0.noarch.rpm SHA-256: 433fb2122ebd0d9622491aca26b48da462e3b0e3fd05526c777a395f5bd7ca35 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM golang-1.25.9-1.el10_0.src.rpm SHA-256: 3a249f1ffa0a2dd5c7d7989d71a2a844579e0618a9e06d8a0febcf827735b436 aarch64 go-toolset-1.25.9-1.el10_0.aarch64.rpm SHA-256: 2ab86de945d6b763db9cf92a2a8f77630d96b50ea36d9f598b66c3d9adac6c82 golang-1.25.9-1.el10_0.aarch64.rpm SHA-256: 0bd7e0f05226a1e3b5b3ed013271b4e160d885fa8f266eedb8affcab1082e8de golang-bin-1.25.9-1.el10_0.aarch64.rpm SHA-256: 5e8dbd7a68c6edcd42144b77e7fe8196c04395df191ca1d2a7b9ba9aa3735b57 golang-docs-1.25.9-1.el10_0.noarch.rpm SHA-256: bfddd713a277767d2e64e7b1d9f042c20325984f1b2ad694a948dd2af631f56b golang-misc-1.25.9-1.el10_0.noarch.rpm SHA-256: 8baa07ef58a9adc2fecc3fd412b2ad28032605cf12c75c38dae26de5cc7c1e8e golang-race-1.25.9-1.el10_0.aarch64.rpm SHA-256: 19f37c531606ed6db9b39a8f1a9ff40934df9789790118d70c8b894bd3eb6230 golang-src-1.25.9-1.el10_0.noarch.rpm SHA-256: b7816bbdb261e50edda6e08809b8515e1c27805e32c5993598e9be12bf99332b golang-tests-1.25.9-1.el10_0.noarch.rpm SHA-256: 433fb2122ebd0d9622491aca26b48da462e3b0e3fd05526c777a395f5bd7ca35 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM golang-1.25.9-1.el10_0.src.rpm SHA-256: 3a249f1ffa0a2dd5c7d7989d71a2a844579e0618a9e06d8a0febcf827735b436 s390x go-toolset-1.25.9-1.el10_0.s390x.rpm SHA-256: a7909c5e394c939807abafff3fd44c2d7d6c58ba0cd3db4858bdb8a07793d662 golang-1.25.9-1.el10_0.s390x.rpm SHA-256: 7208bd63d6970e55f5df9f80c16db89b26e6098ce4d32c5cd33981f070816b9d golang-bin-1.25.9-1.el10_0.s390x.rpm SHA-256: f71149c6d4dc7cf1e719774911b8f830a572e622c506adbd2233664d30b3ed95 golang-docs-1.25.9-1.el10_0.noarch.rpm SHA-256: bfddd713a277767d2e64e7b1d9f042c20325984f1b2ad694a948dd2af631f56b golang-misc-1.25.9-1.el10_0.noarch.rpm SHA-256: 8baa07ef58a9adc2fecc3fd412b2ad28032605cf12c75c38dae26de5cc7c1e8e golang-race-1.25.9-1.el10_0.s390x.rpm SHA-256: c6490ec131d5ac924b6ec23bf2475c14d5147a34e64d810ea63651905f53c247 golang-src-1.25.9-1.el10_0.noarch.rpm SHA-256: b7816bbdb261e50edda6e08809b8515e1c27805e32c5993598e9be12bf99332b golang-tests-1.25.9-1.el10_0.noarch.rpm SHA-256: 433fb2122ebd0d9622491aca26b48da462e3b0e3fd05526c777a395f5bd7ca35 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM g