Explore top 10 tips to secure your open-source projects now. Read More
×
This update for go1.26-openssl fixes the following issues
- Update to version go1.26.5 (bsc#1255111).
- CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014).
- CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1225=1
- openSUSE Leap 16.0:
go1.26-openssl-1.26.5-160000.1.1
go1.26-openssl-doc-1.26.5-160000.1.1
go1.26-openssl-race-1.26.5-160000.1.1
* bsc#1245878
* bsc#1255111
* bsc#1264395
* bsc#1271014
* bsc#1271015
References:
* https://www.suse.com/security/cve/CVE-2026-39822.html
* https://www.suse.com/security/cve/CVE-2026-42505.html
Get the latest Linux and open source security news straight to your inbox.