Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

openSUSE 16.0 go1.26 Important Security Update 2026-20571-1 CVE-2026-27140

opensuse
Calendar Grey April 21, 2026
Dist Opensuse Esm H88
Install important update for openSUSE go1.26 to fix 10 security issues and 11 bugs effectively. Get the details here.
An update that solves 10 vulnerabilities and has 11 bug fixes can now be installed.

Description

This update for go1.26 fixes the following issues:

- Update to version go1.26.2 (bsc#1255111).

- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).

- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).

- CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).

- CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).

- CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).

- CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).

- CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).

- CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).

- CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).

- CVE-2026-33810: crypto/x509: excluded DNS...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

go1.26-1.26.2-160000.1.1

go1.26-doc-1.26.2-160000.1.1

go1.26-libstd-1.26.2-160000.1.1

go1.26-race-1.26.2-160000.1.1

References

* bsc#1255111

* bsc#1261653

* bsc#1261654

* bsc#1261655

* bsc#1261656

* bsc#1261657

* bsc#1261658

* bsc#1261659

* bsc#1261660

* bsc#1261661

* bsc#1261662

References:

* https://www.suse.com/security/cve/CVE-2026-27140.html

* https://www.suse.com/security/cve/CVE-2026-27143.html

* https://www.suse.com/security/cve/CVE-2026-27144.html

* https://www.suse.com/security/cve/CVE-2026-32280.html

* https://www.suse.com/security/cve/CVE-2026-32281.html

* https://www.suse.com/security/cve/CVE-2026-32282.html

* https://www.suse.com/security/cve/CVE-2026-32283.html

* https://www.suse.com/security/cve/CVE-2026-32288.html

* https://www.suse.com/security/cve/CVE-2026-32289.html

* https://www.suse.com/security/cve/CVE-2026-33810.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20571-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here