Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for go1.26 fixes the following issues * Update to version go1.26.5 (bsc#1255111) * CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014). * CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2818=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2818=1 * SUSE Linux Enterprise Server 15 SP4 LTSS
* bsc#1245878
* bsc#1255111
* bsc#1264395
* bsc#1271014
* bsc#1271015
* jsc#PED-1962
Cross-
* CVE-2026-39822
* CVE-2026-42505
CVSS scores:
* CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-39822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42505 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
Get the latest Linux and open source security news straight to your inbox.