Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

openSUSE Leap 16.0 Advisory 2026-21324-1 Go1.25 Important Security Fix

opensuse
Calendar Grey July 15, 2026
Dist Opensuse Esm H88
An important update for openSUSE addresses 5 vulnerabilities in go1.25 with 8 bug fixes available for installation.
An update that solves 5 vulnerabilities and has 8 bug fixes can now be installed.

Description

This update for go1.25 fixes the following issues

- Update to version go1.25.12 (bsc#1244485).

- CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).

- CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).

- CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).

- CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014).

- CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1228=1

Patch

Package List

- openSUSE Leap 16.0:

go1.25-1.25.12-160000.1.1

go1.25-doc-1.25.12-160000.1.1

go1.25-race-1.25.12-160000.1.1

References

* bsc#1244485

* bsc#1245878

* bsc#1259264

* bsc#1259265

* bsc#1259268

* bsc#1264394

* bsc#1271014

* bsc#1271015

References:

* https://www.suse.com/security/cve/CVE-2026-25679.html

* https://www.suse.com/security/cve/CVE-2026-27139.html

* https://www.suse.com/security/cve/CVE-2026-27142.html

* https://www.suse.com/security/cve/CVE-2026-39822.html

* https://www.suse.com/security/cve/CVE-2026-42505.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21324-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.