Explore top 10 tips to secure your open-source projects now. Read More
×
This update for go1.26-openssl fixes the following issues
* Update to version go1.26.5 (bsc#1255111).
* CVE-2026-27145: crypto/x509: split candidate hostname only once
(bsc#1267450).
* CVE-2026-39822: os: Root escape via symlink plus trailing slash
(bsc#1271014).
* CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader
(bsc#1267442).
* CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello
(bsc#1271015).
* CVE-2026-42507: net/textproto: arbitrary input are included in errors
without any escaping (bsc#1267444).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3102=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-3102=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3102=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3102=1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-doc-1.26.5-150600.13.9.1
* go1.26-openssl-1.26.5-150600.13.9.1
* go1.26-openssl-race-1.26.5-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-race-1.26.5-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* go1.26-openssl-doc-1.26.5-150600.13.9.1
* go1.26-openssl-1.26.5-150600.13.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* go1.26-openssl-doc-1.26.5-150600.13.9.1
* go1.26-openssl-1.26.5-150600.13.9.1
* go1.26-openssl-race-1.26.5-150600.13.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-doc-1.26.5-150600.13.9.1
* go1.26-openssl-1.26.5-150600.13.9.1
* go1.26-openssl-race-1.26.5-150600.13.9.1
* bsc#1245878
* bsc#1255111
* bsc#1264395
* bsc#1267442
* bsc#1267444
* bsc#1267450
* bsc#1271014
* bsc#1271015
* jsc#PED-1962
* jsc#SLE-18320
## References:
* https://www.suse.com/security/cve/CVE-2026-27145.html
* https://www.suse.com/security/cve/CVE-2026-39822.html
* https://www.suse.com/security/cve/CVE-2026-42504.html
* https://www.suse.com/security/cve/CVE-2026-42505.html
* https://www.suse.com/security/cve/CVE-2026-42507.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245878
* https://bugzilla.suse.com/show_bug.cgi?id=1255111
* https://bugzilla.suse.com/show_bug.cgi?id=1264395
* https://bugzilla.suse.com/show_bug.cgi?id=1267442
* https://bugzilla.suse.com/show_bug.cgi?id=1267444
* https://bugzilla.suse.com/show_bug.cgi?id=1267450
* https://bugzilla.suse.com/show_bug.cgi?id=1271014
* https://bugzilla.suse.com/show_bug.cgi?id=1271015
* https://jira.suse.com/browse/PED-1962
* https://jira.suse.com/browse/SLE-18320
Get the latest Linux and open source security news straight to your inbox.