Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

openSUSE Leap 16.0 Critical go1.25-openssl Security Update 2026-21319-1

opensuse
Calendar Grey July 15, 2026
Dist Opensuse Esm H88
An important update for openSUSE addressing 30 issues in go1.25-openssl requiring immediate attention and installation.
An update that solves 30 vulnerabilities and has 34 bug fixes can now be installed.

Description

This update for go1.25-openssl fixes the following issues

- Update to version go1.25.12 (bsc#1244485).

- CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).

- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).

- CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).

- CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).

- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).

- CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).

- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).

- CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).

- CVE-2026-27145: crypto/x509: split...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

go1.25-openssl-1.25.12-160000.1.1

go1.25-openssl-doc-1.25.12-160000.1.1

go1.25-openssl-race-1.25.12-160000.1.1

References

* bsc#1170826

* bsc#1244485

* bsc#1245878

* bsc#1256818

* bsc#1257692

* bsc#1259264

* bsc#1259265

* bsc#1259268

* bsc#1261653

* bsc#1261654

* bsc#1261655

* bsc#1261656

* bsc#1261657

* bsc#1261658

* bsc#1261659

* bsc#1261660

* bsc#1261661

* bsc#1264394

* bsc#1264499

* bsc#1264500

* bsc#1264501

* bsc#1264502

* bsc#1264503

* bsc#1264504

* bsc#1264505

* bsc#1264506

* bsc#1264507

* bsc#1264508

* bsc#1264509

* bsc#1267442

* bsc#1267444

* bsc#1267450

* bsc#1271014

* bsc#1271015

References:

* https://www.suse.com/security/cve/CVE-2025-61732.html

* https://www.suse.com/security/cve/CVE-2025-68121.html

* https://www.suse.com/security/cve/CVE-2026-25679.html

* https://www.suse.com/security/cve/CVE-2026-27139.html

* https://www.suse.com/security/cve/CVE-2026-27140.html

* https://www.suse.com/security/cve/CVE-2026-27142.html

* https://www.suse.com/security/cve/CVE-2026-27143.html

* https://www.suse.com/security/cve/CVE-2026-27144.html

* https://www.suse.com/security/cve/CVE-2026-27145.html

*...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21319-1
Rating: critical
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.