SUSE 2026 1862-1 Go1.25 Important Security Updates DoS CVE-2026-33811

suse

May 15, 2026

An update that solves 11 vulnerabilities and has two security fixes can now be installed.

Summary

## This update for go1.25 fixes the following issues Security issues: * CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508). * CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506). * CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths (bsc#1264505). * CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames (bsc#1264504). * CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment (bsc#1264503). * CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509). * CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters (bsc#1264500).

Topics Covered

security advisory security issue SuSE DoS important Go

References

* bsc#1170826

* bsc#1244485

* bsc#1264499

* bsc#1264500

* bsc#1264501

* bsc#1264502

* bsc#1264503

* bsc#1264504

* bsc#1264505

* bsc#1264506

* bsc#1264507

* bsc#1264508

* bsc#1264509

Cross-

* CVE-2026-33811

* CVE-2026-33814

* CVE-2026-39817

* CVE-2026-39819

* CVE-2026-39820

* CVE-2026-39823

* CVE-2026-39825

* CVE-2026-39826

* CVE-2026-39836

* CVE-2026-42499

* CVE-2026-42501

CVSS scores:

* CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2026:1862-1

Release Date: 2026-05-14T22:34:21Z

Rating: important

Topics Covered

security advisory security issue SuSE DoS important Go

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE 2026 1862-1 Go1.25 Important Security Updates DoS CVE-2026-33811

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE 2026 1862-1 Go1.25 Important Security Updates DoS CVE-2026-33811

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!