openSUSE Leap 16.0 go1.25 Critical C Code Vulnerabilities 2026-20214-1
opensuse
February 14, 2026
An update that solves 2 vulnerabilities and has 3 bug fixes can now be installed.
Description
This update for go1.25 fixes the following issues:
Update to version 1.25.7.
Security issues fixed:
- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does
not account for the expiration of full certificate chain (bsc#1256818).
Other updates and bugfixes:
- version update to 1.25.7:
* go#75844 cmd/compile: OOM killed on linux/arm64
* go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
* go#77425 crypto/tls: CL 737700 broke session resumption on macOS
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-269=1
Patch
Package List
- openSUSE Leap 16.0:
go1.25-1.25.7-160000.1.1
go1.25-doc-1.25.7-160000.1.1
go1.25-libstd-1.25.7-160000.1.1
go1.25-race-1.25.7-160000.1.1
References
* bsc#1244485
* bsc#1256818
* bsc#1257692
References:
* https://www.suse.com/security/cve/CVE-2025-61732.html
* https://www.suse.com/security/cve/CVE-2025-68121.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2026:20214-1
Rating: critical
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!