openSUSE go1.25-openssl Important Prot Issue 2026-0298-1

opensuse

January 27, 2026

An update that solves 22 vulnerabilities, contains one feature and has six security fixes can now be installed.

Description

This update for go1.25-openssl fixes the following issues:

Update to version 1.25.6 (released 2026-01-15) (jsc#SLE-18320, bsc#1244485):

Security fixes:

* CVE-2025-4674 cmd/go: disable support for multiple vcs in one module

(bsc#1246118).

* CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and

".." in some PATH configurations (bsc#1247719).

* CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan

(bsc#1247720).

* CVE-2025-47910 net/http: CrossOriginProtection insecure bypass patterns not

limited to exact matches (bsc#1249141).

* CVE-2025-47912 net/url: insufficient validation of bracketed IPv6 hostnames

(bsc#1251257).

* CVE-2025-58183 archive/tar: unbounded allocation when parsing GNU sparse map

(bsc#1251261).

* CVE-2025-58185 encoding/asn1: pre-allocating memory when parsing DER payload

can cause memory exhaustion (bsc#1251258).

* CVE-2025-58186 net/http: lack of limit when parsing cookies can cause...

Read the Full Advisory

Topics Covered

security advisory security issue DoS important OpenSUSE go1.25-openssl

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2026-298=1 openSUSE-SLE-15.6-2026-298=1

* Development Tools Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-298=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-298=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-298=1

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)

* go1.25-openssl-debuginfo-1.25.6-150600.13.9.1

* go1.25-openssl-1.25.6-150600.13.9.1

* go1.25-openssl-doc-1.25.6-150600.13.9.1

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)

* go1.25-openssl-race-1.25.6-150600.13.9.1

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)

* go1.25-openssl-debuginfo-1.25.6-150600.13.9.1

* go1.25-openssl-1.25.6-150600.13.9.1

* go1.25-openssl-doc-1.25.6-150600.13.9.1

* go1.25-openssl-race-1.25.6-150600.13.9.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)

* go1.25-openssl-debuginfo-1.25.6-150600.13.9.1

* go1.25-openssl-1.25.6-150600.13.9.1

* go1.25-openssl-doc-1.25.6-150600.13.9.1

* go1.25-openssl-race-1.25.6-150600.13.9.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)

* go1.25-openssl-debuginfo-1.25.6-150600.13.9.1

* go1.25-openssl-1.25.6-150600.13.9.1

* go1.25-openssl-doc-1.25.6-150600.13.9.1

* go1.25-openssl-race-1.25.6-150600.13.9.1

References

* bsc#1244485

* bsc#1245878

* bsc#1246118

* bsc#1247719

* bsc#1247720

* bsc#1247816

* bsc#1248082

* bsc#1249141

* bsc#1249985

* bsc#1251253

* bsc#1251254

* bsc#1251255

* bsc#1251256

* bsc#1251257

* bsc#1251258

* bsc#1251259

* bsc#1251260

* bsc#1251261

* bsc#1251262

* bsc#1254227

* bsc#1254430

* bsc#1254431

* bsc#1256816

* bsc#1256817

* bsc#1256818

* bsc#1256819

* bsc#1256820

* bsc#1256821

* jsc#SLE-18320

## References:

* https://www.suse.com/security/cve/CVE-2025-4674.html

* https://www.suse.com/security/cve/CVE-2025-47906.html

* https://www.suse.com/security/cve/CVE-2025-47907.html

* https://www.suse.com/security/cve/CVE-2025-47910.html

* https://www.suse.com/security/cve/CVE-2025-47912.html

* https://www.suse.com/security/cve/CVE-2025-58183.html

* https://www.suse.com/security/cve/CVE-2025-58185.html

* https://www.suse.com/security/cve/CVE-2025-58186.html

* https://www.suse.com/security/cve/CVE-2025-58187.html

* https://www.suse.com/security/cve/CVE-2025-58188.html

* https://www.suse.com/security/cve/CVE-2025-58189.html

*...

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2026:0298-1

Release Date: 2026-01-26T16:11:13Z

Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7

Topics Covered

security advisory security issue DoS important OpenSUSE go1.25-openssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE go1.25-openssl Important Prot Issue 2026-0298-1

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE go1.25-openssl Important Prot Issue 2026-0298-1

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!