Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: Important Patch for CVE-2025-47906 and 2025:03115-1 Vulnerabilities

suse
Calendar Grey September 9, 2025
Dist Suse Esm H88
Important revision for version 1.25 of OpenSSL tackling significant vulnerabilities and reinforcing system security dated 2025-09-09.
* bsc#1244485 * bsc#1246118 * bsc#1247719 * bsc#1247720 * bsc#1247816

Summary

## This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. ( jsc#SLE-18320 ) * Rebase to 1.25.0 * Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. go1.25 (released 2025-08-12) is a major release of Go. go1.25.x minor releases will be provided through August 2026. https://github.com/golang/go/wiki/ Release-Cycle go1.25 arrives six months after Go 1.24. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. ( bsc#1244485 go1.25 release tracking )

Topics%20covered

Topics Covered

security advisory security issue SuSE OpenSSL important threat mitigation

References

* bsc#1244485

* bsc#1246118

* bsc#1247719

* bsc#1247720

* bsc#1247816

* bsc#1248082

* jsc#SLE-18320

Cross-

* CVE-2025-4674

* CVE-2025-47906

* CVE-2025-47907

CVSS scores:

* CVE-2025-4674 ( SUSE ): 9.3

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-47906 ( SUSE ): 2.1

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-47907 ( SUSE ): 2.1

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:03115-1
Release Date: 2025-09-09T10:37:53Z
Rating: important

Topics%20covered

Topics Covered

security advisory security issue SuSE OpenSSL important threat mitigation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here