Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

openSUSE Go1.26 Important Security Update Advisory 2026-20762-1

opensuse
Calendar Grey May 19, 2026
Dist Opensuse Esm H88
An update for openSUSE addressing 11 vulnerabilities and 13 bug fixes is now available for installation.
An update that solves 11 vulnerabilities and has 13 bug fixes can now be installed.

Description

This update for go1.26 fixes the following issues

Security issues:

- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).

- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).

- CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths (bsc#1264505).

- CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames (bsc#1264504).

- CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment (bsc#1264503).

- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).

- CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters

(bsc#1264500).

- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).

- CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501).

- CVE-2026-42499: net/mail: quadratic string...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

go1.26-1.26.3-160000.1.1

go1.26-doc-1.26.3-160000.1.1

go1.26-libstd-1.26.3-160000.1.1

go1.26-race-1.26.3-160000.1.1

References

* bsc#1170826

* bsc#1255111

* bsc#1264499

* bsc#1264500

* bsc#1264501

* bsc#1264502

* bsc#1264503

* bsc#1264504

* bsc#1264505

* bsc#1264506

* bsc#1264507

* bsc#1264508

* bsc#1264509

References:

* https://www.suse.com/security/cve/CVE-2026-33811.html

* https://www.suse.com/security/cve/CVE-2026-33814.html

* https://www.suse.com/security/cve/CVE-2026-39817.html

* https://www.suse.com/security/cve/CVE-2026-39819.html

* https://www.suse.com/security/cve/CVE-2026-39820.html

* https://www.suse.com/security/cve/CVE-2026-39823.html

* https://www.suse.com/security/cve/CVE-2026-39825.html

* https://www.suse.com/security/cve/CVE-2026-39826.html

* https://www.suse.com/security/cve/CVE-2026-39836.html

* https://www.suse.com/security/cve/CVE-2026-42499.html

* https://www.suse.com/security/cve/CVE-2026-42501.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20762-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here