openSUSE Leap 16.0 gosec Important Update CVE-2025-22891 Advisory 20579-1

April 21, 2026
Important update for gosec on openSUSE Leap 16.0, addressing CVE-2025-22891.
An update that solves one vulnerability can now be installed.

Description

This update for gosec fixes the following issues:

Changes in gosec:

- Update to version 2.25.0:

* chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)

* fix: allow barry action to access secrets on fork PRs (#1616)

* fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)

* Add barry security scanner as a step in the CI (#1612)

* chore(deps): update all dependencies (#1611)

* fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)

* Add some skills for claude code to automate some tasks (#1609)

* Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)

* fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)

* Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)

* fix(G118): eliminate false positive for package-level cancel variables (#1602)

* feat: add G124 rule for insecure HTTP cookie configuration (#1599)

* feat:...

Patch

Package List

- openSUSE Leap 16.0:

gosec-2.25.0-bp160.1.1

References

* https://www.suse.com/security/cve/CVE-2025-22891.html

Severity
important

Announcement ID: openSUSE-SU-2026:20579-1
Rating: important
Affected Products: openSUSE Leap 16.0
