Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE Leap 16.0 go1.25 Important Memory Issues Fix 2026-20570-1

opensuse
Calendar Grey April 21, 2026
Dist Opensuse Esm H88
This article details the important security update for go1.25 in openSUSE addressing critical vulnerabilities and patches.
An update that solves 9 vulnerabilities and has 10 bug fixes can now be installed.

Description

This update for go1.25 fixes the following issues:

- Update to version go1.25.9 (bsc#1244485).

- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).

- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).

- CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).

- CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).

- CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).

- CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).

- CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).

- CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).

- CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).

Patch instructions:

To install this...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

go1.25-1.25.9-160000.1.1

go1.25-doc-1.25.9-160000.1.1

go1.25-libstd-1.25.9-160000.1.1

go1.25-race-1.25.9-160000.1.1

References

* bsc#1244485

* bsc#1261653

* bsc#1261654

* bsc#1261655

* bsc#1261656

* bsc#1261657

* bsc#1261658

* bsc#1261659

* bsc#1261660

* bsc#1261661

References:

* https://www.suse.com/security/cve/CVE-2026-27140.html

* https://www.suse.com/security/cve/CVE-2026-27143.html

* https://www.suse.com/security/cve/CVE-2026-27144.html

* https://www.suse.com/security/cve/CVE-2026-32280.html

* https://www.suse.com/security/cve/CVE-2026-32281.html

* https://www.suse.com/security/cve/CVE-2026-32282.html

* https://www.suse.com/security/cve/CVE-2026-32283.html

* https://www.suse.com/security/cve/CVE-2026-32288.html

* https://www.suse.com/security/cve/CVE-2026-32289.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20570-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here