# MGASA-2025-0065 - Updated golang packages fix security vulnerability

Publication date: 14 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0065.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-22866

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec. (CVE-2025-22866)

References:

- https://bugs.mageia.org/show_bug.cgi?id=34009
- https://www.cve.org/CVERecord?id=CVE-2025-22866

SRPMS:

- 9/core/golang-1.22.12-1.mga9

Recent updates to golang libraries in Mageia 9 have successfully mitigated a significant timing side-channel vulnerability. Discover more about the resolution.

Keywords: timing Sidechannel, Mageia, golang, security update, ppc64le.

Severity: Critical

LinuxSecurity.com Team
# Security update for go1.24

Announcement ID: SUSE-SU-2025:0431-1
Release Date: 2025-02-11T14:13:49Z
Rating: moderate

References:

* bsc#1236217
* bsc#1236801
* bsc#1236839

Cross-References:

* CVE-2025-22866
* CVE-2025-22867

CVSS scores:

* CVE-2025-22866 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-22866 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22867 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-22867 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for go1.24 fixes the following issues:

* CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801).
* CVE-2025-22867: Fixed arbitrary code execution during build on darwin (bsc#1236839).

Other fixes:

* go1.24 release tracking (bsc#1236217)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-431=1`
* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-431=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.24-doc-1.24rc3-150000.1.6.1
  * go1.24-race-1.24rc3-150000.1.6.1
  * go1.24-1.24rc3-150000.1.6.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * go1.24-doc-1.24rc3-150000.1.6.1
  * go1.24-race-1.24rc3-150000.1.6.1
  * go1.24-1.24rc3-150000.1.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22866.html
* https://www.suse.com/security/cve/CVE-2025-22867.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236217
* https://bugzilla.suse.com/show_bug.cgi?id=1236801
* https://bugzilla.suse.com/show_bug.cgi?id=1236839

Keep your openSUSE system secure by promptly updating for two critical vulnerabilities found in go1.24. Act now to enhance your system's security!

Keywords: Linux Security Updates, OpenSUSE Advisory, Installation Instructions.

LinuxSecurity.com Team
The latest security patch for go1.24 resolves significant vulnerabilities in SUSE that impact multiple products. Ensure you apply the suggested updates promptly.

Keywords: go security update, SUSE advisory 2025, development tools patch, openSUSE security.

LinuxSecurity.com Team
# Security update for go1.22

Announcement ID: SUSE-SU-2025:0392-1
Release Date: 2025-02-10T07:34:22Z
Rating: moderate

References:

* bsc#1218424
* bsc#1236801

Cross-References:

* CVE-2025-22866

CVSS scores:

* CVE-2025-22866 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for go1.22 fixes the following issues:

* CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801).

Bug fixes:

* go1.22 release tracking (bsc#1218424)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-392=1`
* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-392=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.22-1.22.12-150000.1.42.1
  * go1.22-race-1.22.12-150000.1.42.1
  * go1.22-doc-1.22.12-150000.1.42.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * go1.22-1.22.12-150000.1.42.1
  * go1.22-race-1.22.12-150000.1.42.1
  * go1.22-doc-1.22.12-150000.1.42.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22866.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218424
* https://bugzilla.suse.com/show_bug.cgi?id=1236801

This notice details an important security enhancement for go1.22 on openSUSE, targeting a crucial side-channel vulnerability.

Keywords: openSUSE security advisory, go1.22 update, SUSE patch management, moderate security fix.

LinuxSecurity.com Team
SUSE updates for go1.22 address timing sidechannel issue; severe impact and patch instructions included.

Keywords: go1.22 security update, SUSE software advisory, timing sidechannel fix, openSUSE patch.

LinuxSecurity.com Team
# Security update for go1.23

Announcement ID: SUSE-SU-2025:0393-1
Release Date: 2025-02-10T07:34:35Z
Rating: moderate

References:

* bsc#1229122
* bsc#1236801

Cross-References:

* CVE-2025-22866

CVSS scores:

* CVE-2025-22866 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for go1.23 fixes the following issues:

* CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801).

Bug fixes:

* go1.23 release tracking (bsc#1229122)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-393=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-393=1`

## Package List:

* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * go1.23-doc-1.23.6-150000.1.21.1
  * go1.23-1.23.6-150000.1.21.1
  * go1.23-race-1.23.6-150000.1.21.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.23-doc-1.23.6-150000.1.21.1
  * go1.23-1.23.6-150000.1.21.1
  * go1.23-race-1.23.6-150000.1.21.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22866.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229122
* https://bugzilla.suse.com/show_bug.cgi?id=1236801

The release of go1.23 tackles timing-based sidechannel vulnerabilities, enhancing overall security measures. Discover further details regarding the resolution.

Keywords: Linux Security Updates, SUSE Vulnerabilities, Security Fixes for Go, Open Source Security Patches.

LinuxSecurity.com Team
Critical security patch for go1.23: essential update addressing timing side-channel vulnerabilities in openSUSE's Development Tools Module.

Keywords: go1.23 security, openSUSE update, sidechannel fix, SUSE security update.

LinuxSecurity.com Team