Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE 2026 0977-1 go1.25-openssl Important Security Update Released

suse
Calendar Grey March 24, 2026
Dist Suse Esm H88
SUSE announces critical update for go1.25-openssl addressing five vulnerabilities and enhancing security features.
An update that solves five vulnerabilities, contains one feature and has one security fix can now be installed.

Summary

## This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 (bsc#1244485, jsc#SLE-18320): * CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). * CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). * CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). * CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). * CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * go#77253 cmd/compile: miscompile of global array initialization

Topics%20covered

Topics Covered

security advisory security issue critical SuSE DoS OpenSSL

References

* bsc#1244485

* bsc#1256818

* bsc#1257692

* bsc#1259264

* bsc#1259265

* bsc#1259268

* jsc#SLE-18320

Cross-

* CVE-2025-61732

* CVE-2025-68121

* CVE-2026-25679

* CVE-2026-27139

* CVE-2026-27142

CVSS scores:

* CVE-2025-61732 ( SUSE ): 9.4

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-68121 ( SUSE ): 7.6

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2025-68121 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

* CVE-2025-68121 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0977-1
Release Date: 2026-03-23T16:35:18Z
Rating: critical

Topics%20covered

Topics Covered

security advisory security issue critical SuSE DoS OpenSSL

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here