Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE 2026 gosec Moderate Update for CVE-2025-22891 Available Now

opensuse
Calendar Grey May 16, 2026
Dist Opensuse Esm H88
Update available for openSUSE fixing moderate severity issue in gosec software. Apply patch to secure your system.
An update that fixes one vulnerability is now available.

Description

This update for gosec fixes the following issues:

- Update to version 2.26.1:

* Update cosign to v3.0.6 (#1659)

* Sync taint rule docs and add missing CWE mappings for G113/G307 (#1658)

* Update all dependencies (#1657)

* Add G710 rule for open redirect via taint analysis (#1654)

* Fix formatting

* Update the default models use by autofix and phase out the older models

* Format and clean-up the README

* Add HTTP file-serving function to the skins of pathtraversal analyzer

(#1647)

* Skip flaging the TLS min version for go 1.18+ (#1646)

* chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0

(#1645)

* Added filepath.Abs as a sanitizer (#1643)

* Allow rune to byte conversion (#1642)

* Allow platform specific conversions (#1641)

* chore(deps): update all dependencies (#1639)

* chore(deps): update all dependencies (#1634)

* chore(go): update supported Go versions to 1.25.9 and...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-167=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

gosec-2.26.1-bp157.2.6.1

References

https://www.suse.com/security/cve/CVE-2025-22891.html

Announcement ID: openSUSE-SU-2026:0167-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here