Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 61 articles for you...
89
security advisoryfedoraimportantFedora 43 docker-buildx Important Improper Certificate Valid CVE-2026-39984
Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6d1dd77956 2026-05-23 15:47:52.432901+00:00 -------------------------------------------------------------------------------- Name : docker-buildx Product : Fedora 43 Version : 0.34.0 Release : 1.fc43 URL : https://github.com/docker/buildx Summary : Docker CLI plugin for extended build capabilities with BuildKit Description : Docker CLI plugin for extended build capabilities with BuildKit. -------------------------------------------------------------------------------- Update Information: Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Bradley G Smith - 0.34.0-1 - Update to release v0.34.0 - Resolves: rhbz#2467576 - Resolves CVE-2026-39984: rhbz#2458930 - Upstream new features and fixes * Thu Apr 2 2026 Bradley G Smith - 0.33.0-2 - Update to new spec file - Regenerate spec file using go2rpm - Use gocheck2. Current v0.33.0 release will sometimes fail during check phase with an https related test. No obvious pattern related to architecture. gocheck2 will allow for test to be skipped if needed -------------------------------------------------------------------------------- References: [ 1 ] Bug #2458930 - CVE-2026-39984 docker-buildx: improper certificate validation in verifier [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458930 [ 2 ] Bug #2467576 - docker-buildx-0.34.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2467576 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su-c 'dnf upgrade --advisory FEDORA-2026-6d1dd77956' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 23, 2026
•Important
Fedora
89
security advisoryfedoracriticalFedora 43 rust-rustls-webpki Urgent Patch RUSTSEC-2026-0050
Update to version 0.103.10. Addresses RUSTSEC-2026-0049. Update to version 0.103.9.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-efe3ef6f55 2026-04-02 01:05:52.796839+00:00 -------------------------------------------------------------------------------- Name : rust-rustls-webpki Product : Fedora 43 Version : 0.103.10 Release : 1.fc43 URL : https://crates.io/crates/rustls-webpki Summary : Web PKI X.509 Certificate Verification Description : Web PKI X.509 Certificate Verification. -------------------------------------------------------------------------------- Update Information: Update to version 0.103.10. Addresses RUSTSEC-2026-0049. Update to version 0.103.9. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2026 Fabio Valentini - 0.103.10-1 - Update to version 0.103.10; Fixes RHBZ#2449815 * Wed Mar 18 2026 Fabio Valentini - 0.103.9-1 - Update to version 0.103.9; Fixes RHBZ#2430422 * Sat Jan 17 2026 Fedora Release Engineering - 0.103.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-efe3ef6f55' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 02, 2026
•Critical
Fedora
89
security advisoryfedoraapplication updateFedora 44 rust-reqsign 0.20.0 Update Networking Changes 2026-b8b59dcf44
Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b8b59dcf44 2026-03-28 00:15:26.019955+00:00 -------------------------------------------------------------------------------- Name : rust-reqsign Product : Fedora 44 Version : 0.20.0 Release : 1.fc44 URL : https://crates.io/crates/reqsign Summary : Signing HTTP requests for popular cloud services Description : Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services. -------------------------------------------------------------------------------- Update Information: Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included some breaking changes to TLS certificate verification. This update also includes updates for several of uv\u2019s Rust library dependencies. Update rust-openssl-probe to 0.2.1, including breaking changes introduced in 0.2.0, and introduce a new rust-openssl-probe0.1 compat package. Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2. Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option, added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added support for ALPN on the server side.Version 0.2.18 fixed min/max protocol selection fallback for very old OpenSSL versions. Add an initial package for rust-webpki-root-certs. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2026 Benjamin A. Beasley - 0.20.0-1 - Update to version 0.20.0; Fixes RHBZ#2432770 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425802 [ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425819 [ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432768 [ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432769 [ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432770 [ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432771 [ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432772 [ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432773 [ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432774 [ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432775 [ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432776 [ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432777 [ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432779 [ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2436289 [ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437941 [ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437942 [ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437976 [ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439752 [ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450541 [ 20 ] Bug #2450582 - uv-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450582 [ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format https://bugzilla.redhat.com/show_bug.cgi?id=2451103 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update announcement for Fedora's rust-reqsign addressing networking adjustments affecting certificate validation.. Fedora update, rust-reqsign, certificate validation, application security, networking. . Severity: Important. LinuxSecurity.com Team
Mar 28, 2026
•Important
Fedora
87
security advisoryimportantman-in-the-middleDebian Trixie OpenJDK Important Man-in-the-Middle Attacks DSA-6119-1
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect certificate validation, CRLF injection or man-in-the-middle attacks. For the stable distribution (trixie), these problems have been fixed in version 25.0.2+10-1~deb13u2. This version of OpenJDK now also requires. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6119-1
Feb 05, 2026
•Important
Debian
87
security advisoryman-in-the-middlecrlf injectionCritical Issues with Debian Trixie OpenJDK-21 DSA-6112-1 Announcement
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect certificate validation, CRLF injection or man-in-the-middle attacks. For the stable distribution (trixie), these problems have been fixed in version 21.0.10+7-1~deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6112-1
Jan 27, 2026
•Critical
Debian
197
security advisorydebianimportantDebian 11 OpenJDK Important Security Update DLA-4456-1 CVE-2026-21925
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect certificate validation, CRLF injection or man-in-the-middle attacks. For Debian 11 bullseye, these problems have been fixed in version 17.0.18+8-1~deb11u1.. Debian LTS Advisory DLA-4456-1
Jan 26, 2026
•Important
Debian LTS
202
security advisoryimportantcryptoopenSUSE: Addressing go1.25 Resource Issues and Crypto Vulnerabilities
An update that solves two vulnerabilities and has three security fixes can now be installed.. # Security update for go1.25 Announcement ID: SUSE-SU-2025:4336-1 Release Date: 2025-12-09T23:50:46Z Rating: important References: * bsc#1244485 * bsc#1245878 * bsc#1254227 * bsc#1254430 * bsc#1254431 Cross-References: * CVE-2025-61727 * CVE-2025-61729 CVSS scores: * CVE-2025-61727 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-61729 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61729 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61729 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSELinux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities and has three security fixes can now be installed. ## Description: This update for go1.25 fixes the following issues: go1.25.5 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the mime and os packages. (bsc#1244485) CVE-2025-61729 CVE-2025-61727: * go#76461 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation * go#76464 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN * go#76245 mime: FormatMediaType and ParseMediaType not compatible across 1.24 to 1.25 * go#76360 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied, ReOpenFile error handling followup * Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878) * This is an optional migration controlled via prjconf definition with_libalternatives * If with_libalternatives is not defined packaging continues to use update- alternatives go1.25.4 (released 2025-11-05) includes fixes to the compiler, the runtime, and the crypto/subtle, encoding/pem, net/url, and os packages. (bsc#1244485) * go#75480 cmd/link: linker panic and relocation errors with complex generics inlining * go#75775 runtime: build fails when run via QEMU for linux/amd64 running on linux/arm64 * go#75790 crypto/internal/fips140/subtle: Go 1.25 subtle.xorBytes panic on MIPS * go#75832 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75952 encoding/pem: regression when decoding blocks with leading garbage * go#75989 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied * go#76010 cmd/compile: any(func(){})==any(func(){}) does not panic but should * go#76029 pem/encoding: malformed line endings can cause panics ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4336=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4336=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4336=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4336=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4336=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4336=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4336=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4336=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4336=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4336=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4336=1 * SUSE Linux Enterprise Server for SAP Applications 15SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4336=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-4336=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-4336=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-4336=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-1.25.5-150000.1.23.1 *go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * go1.25-1.25.5-150000.1.23.1 * go1.25-doc-1.25.5-150000.1.23.1 * go1.25-race-1.25.5-150000.1.23.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61727.html * https://www.suse.com/security/cve/CVE-2025-61729.html * https://bugzilla.suse.com/show_bug.cgi?id=1244485 * https://bugzilla.suse.com/show_bug.cgi?id=1245878 * https://bugzilla.suse.com/show_bug.cgi?id=1254227 * https://bugzilla.suse.com/show_bug.cgi?id=1254430 * https://bugzilla.suse.com/show_bug.cgi?id=1254431 . Update for go1.25 on openSUSE addresses important vulnerabilities with a focus on crypto and resource issues.. openSUSE security update, go1.25 vulnerabilities, SUSE patch management. . Severity: Important. LinuxSecurity.com Team
Dec 10, 2025
•Important
OpenSUSE
100
security advisorySuSEimportantSUSE: go1.24 Vital Security Updates for Resources CVE-2025-61727, 61729
* bsc#1236217 * bsc#1245878 * bsc#1254430 * bsc#1254431 . # Security update for go1.24 Announcement ID: SUSE-SU-2025:4337-1 Release Date: 2025-12-09T23:52:03Z Rating: important References: * bsc#1236217 * bsc#1245878 * bsc#1254430 * bsc#1254431 Cross-References: * CVE-2025-61727 * CVE-2025-61729 CVSS scores: * CVE-2025-61727 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-61729 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61729 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61729 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE LinuxEnterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities and has two security fixes can now be installed. ## Description: This update for go1.24 fixes the following issues: go1.24.11 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the runtime. (bsc#1236217) CVE-2025-61727 CVE-2025-61729: * go#76460 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation * go#76463 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN * go#76378 internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364 cores * Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878) * This is an optional migration controlled via prjconf definition with_libalternatives * If with_libalternatives is not defined packaging continues to use update- alternatives ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-4337=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-4337=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4337=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4337=1 * SUSE Linux Enterprise High PerformanceComputing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4337=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4337=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4337=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4337=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4337=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4337=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4337=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4337=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4337=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4337=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-4337=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * go1.24-1.24.11-150000.1.50.1 *go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 * SUSE EnterpriseStorage 7.1 (aarch64 x86_64) * go1.24-1.24.11-150000.1.50.1 * go1.24-race-1.24.11-150000.1.50.1 * go1.24-doc-1.24.11-150000.1.50.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61727.html * https://www.suse.com/security/cve/CVE-2025-61729.html * https://bugzilla.suse.com/show_bug.cgi?id=1236217 * https://bugzilla.suse.com/show_bug.cgi?id=1245878 * https://bugzilla.suse.com/show_bug.cgi?id=1254430 * https://bugzilla.suse.com/show_bug.cgi?id=1254431 . SUSE Security Update for go1.24 fixes critical issues and ensures system safety with important vulnerabilities addressed.. SUSE Linux, go1.24 updates, security issues, software patching. . Severity: Important. LinuxSecurity.com Team
Dec 10, 2025
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!