Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

SUSE go1.25 Important Security Update Patch 2026-2817-1

suse
Calendar Grey July 10, 2026
Dist Suse Esm H88
Install the important security update for Go 1.25 which addresses five issues with new features and fixes.
An update that solves five vulnerabilities, contains one feature and has three security fixes can now be installed.

Summary

## This update for go1.25 fixes the following issues * Update to version go1.25.12 (bsc#1244485). * CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). * CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). * CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). * CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014). * CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP4

References

* bsc#1244485

* bsc#1245878

* bsc#1259264

* bsc#1259265

* bsc#1259268

* bsc#1264394

* bsc#1271014

* bsc#1271015

* jsc#PED-1962

Cross-

* CVE-2026-25679

* CVE-2026-27139

* CVE-2026-27142

* CVE-2026-39822

* CVE-2026-42505

CVSS scores:

* CVE-2026-25679 ( SUSE ): 4.6

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-25679 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

* CVE-2026-25679 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-25679 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-27139 ( SUSE ): 4.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2026-27139 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2817-1
Release Date: 2026-07-09T17:08:22Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.