Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE Leap Important go1.26-openssl Vulnerabilities Fixed 2026-21254-1

opensuse
Calendar Grey July 8, 2026
Dist Opensuse Esm H88
Update fixes 24 issues in go1.26-openssl on openSUSE Leap, enhancing security and stability.
An update that solves 24 vulnerabilities and has 28 bug fixes can now be installed.

Description

This update for go1.26-openssl fixes the following issues:

Update to go1.26.4 (bsc#1255111).

Security issues fixed:

- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).

- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).

- CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).

- CVE-2026-27145: crypto/x509: split candidate hostname only once (bsc#1267450).

- CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).

- CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).

- CVE-2026-32282: os: `Root.Chmod` can follow symlinks out of the root on Linux (bsc#1261658).

- CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).

- CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).

- CVE-2026-32289: html/template:...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

go1.26-openssl-1.26.4-160000.1.1

go1.26-openssl-doc-1.26.4-160000.1.1

go1.26-openssl-race-1.26.4-160000.1.1

References

* bsc#1170826

* bsc#1245878

* bsc#1255111

* bsc#1261653

* bsc#1261654

* bsc#1261655

* bsc#1261656

* bsc#1261657

* bsc#1261658

* bsc#1261659

* bsc#1261660

* bsc#1261661

* bsc#1261662

* bsc#1264395

* bsc#1264499

* bsc#1264500

* bsc#1264501

* bsc#1264502

* bsc#1264503

* bsc#1264504

* bsc#1264505

* bsc#1264506

* bsc#1264507

* bsc#1264508

* bsc#1264509

* bsc#1267442

* bsc#1267444

* bsc#1267450

References:

* https://www.suse.com/security/cve/CVE-2026-27140.html

* https://www.suse.com/security/cve/CVE-2026-27143.html

* https://www.suse.com/security/cve/CVE-2026-27144.html

* https://www.suse.com/security/cve/CVE-2026-27145.html

* https://www.suse.com/security/cve/CVE-2026-32280.html

* https://www.suse.com/security/cve/CVE-2026-32281.html

* https://www.suse.com/security/cve/CVE-2026-32282.html

* https://www.suse.com/security/cve/CVE-2026-32283.html

* https://www.suse.com/security/cve/CVE-2026-32288.html

* https://www.suse.com/security/cve/CVE-2026-32289.html

* https://www.suse.com/security/cve/CVE-2026-33810.html

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21254-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.