Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE 15 SP6: Important Security Update for go1.24-openssl Issues Fixed

suse
Calendar Grey September 11, 2025
Dist Suse Esm H88
An urgent security patch for version go1.24-openssl addresses serious vulnerabilities in SUSE platforms and necessitates immediate implementation.
* bsc#1236217 * bsc#1244156 * bsc#1244157 * bsc#1244158 * bsc#1246118

Summary

## This security update of go1.24-openssl fixes the following issues: Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. Refs jsc#SLE-18320 * Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. go1.24.6 (released 2025-08-06) includes security fixes to the database/sql and os/exec packages, as well as bug fixes to the runtime. ( boo#1236217 go1.24 release tracking) CVE-2025-47906 CVE-2025-47907: * go#74804 go#74466 boo#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and ".." in some PATH configurations * go#74833 go#74831 boo#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan

References

* bsc#1236217

* bsc#1244156

* bsc#1244157

* bsc#1244158

* bsc#1246118

* bsc#1247719

* bsc#1247720

* jsc#SLE-18320

Cross-

* CVE-2025-0913

* CVE-2025-22874

* CVE-2025-4673

* CVE-2025-4674

* CVE-2025-47906

* CVE-2025-47907

CVSS scores:

* CVE-2025-0913 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-0913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-0913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-22874 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-22874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-22874 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-4673 ( SUSE ): 8.9

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:03158-1
Release Date: 2025-09-11T03:04:54Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here