Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

SUSE go1.24 Critical Security Update for Execution Risks 2026-20429-1

suse
Calendar Grey February 18, 2026
Dist Suse Esm H88
Critical update for SUSE fixes three major issues in go1.24 ensuring better security and stability.
An update that solves three vulnerabilities and has one fix can now be installed.

Summary

## This update for go1.24 fixes the following issues: Update to version 1.24.13. Security issues fixed: * CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). * CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). * CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820). Other updates and bugfixes: * version update to 1.24.13: * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77424 crypto/tls: CL 737700 broke session resumption on macOS ## Patch Instructions:

References

* bsc#1236217

* bsc#1256818

* bsc#1256820

* bsc#1257692

Cross-

* CVE-2025-61732

* CVE-2025-68119

* CVE-2025-68121

CVSS scores:

* CVE-2025-61732 ( SUSE ): 9.4

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-68119 ( SUSE ): 7.1

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-68119 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-68119 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-68121 ( SUSE ): 7.6

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20429-1
Release Date: 2026-02-13T11:53:30Z
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.