Alerts This Week
Warning Icon 1 876
Alerts This Week
Warning Icon 1 876

SUSE go1.24 Critical Security Flaws and Fixes Advisory 2026-0426-1

suse
Calendar Grey February 11, 2026
Dist Suse Esm H88
Critical go1.24 security update addresses three significant flaws with potential for code execution and session issues.
An update that solves three vulnerabilities and has one security fix can now be installed.

Summary

## This update for go1.24 fixes the following issues: Update to version 1.24.13. Security issues fixed: * CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). * CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). * CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820). Other updates and bugfixes: * version update to 1.24.13: * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77424 crypto/tls: CL 737700 broke session resumption on macOS ## Patch Instructions:

Topics%20covered

Topics Covered

security advisory critical SuSE code execution session ticket Go

References

* bsc#1236217

* bsc#1256818

* bsc#1256820

* bsc#1257692

Cross-

* CVE-2025-61732

* CVE-2025-68119

* CVE-2025-68121

CVSS scores:

* CVE-2025-61732 ( SUSE ): 9.4

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-68119 ( SUSE ): 7.1

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-68119 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-68119 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-68121 ( SUSE ): 7.6

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0426-1
Release Date: 2026-02-11T08:31:19Z
Rating: critical

Topics%20covered

Topics Covered

security advisory critical SuSE code execution session ticket Go

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here