Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61731 (GCVE-0-2025-61731)
Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-07-01 12:05
VLAI
EPSS
Title
Arbitrary file write using cgo pkg-config directive in cmd/go
Summary
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
Severity
7.8 (High)
8.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
38 references
Impacted products
33 products
Credits
RyotaK (https://ryotak.net) of GMO Flatt Security Inc.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T04:55:56.484332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:45.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-28T19:30:30.844Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:05:13.150Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"name": "RHBZ#2434433",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5943"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5941"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6949"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7878"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7879"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7876"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7877"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7883"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7833"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7834"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5944"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5942"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12282"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14100"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21691"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20088"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5907"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12118"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5133"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13736"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4434"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3855"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3559"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3556"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:5943: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:5941: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:6949: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7878: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2026:7879: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:7876: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7877: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:7883: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:7833: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:7834: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:5944: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:5942: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7385: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:7291: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:12282: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:14100: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:21691: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:5907: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:12118: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:5133: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:13736: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:4434: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:3855: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:3559: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:3556: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:5948: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:5950: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:5952: Red Hat OpenShift Service Mesh 3.2"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-28T20:01:45.587Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-28T19:30:30.844Z",
"value": "Made public."
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "cmd/go",
"product": "cmd/go",
"vendor": "Go toolchain",
"versions": [
{
"lessThan": "1.24.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.6",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "RyotaK (https://ryotak.net) of GMO Flatt Security Inc."
}
],
"descriptions": [
{
"lang": "en",
"value": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T19:30:30.844Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/736711"
},
{
"url": "https://go.dev/issue/77100"
},
{
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"title": "Arbitrary file write using cgo pkg-config directive in cmd/go"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-61731",
"datePublished": "2026-01-28T19:30:30.844Z",
"dateReserved": "2025-09-30T15:05:03.605Z",
"dateUpdated": "2026-07-01T12:05:13.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61731",
"date": "2026-07-02",
"epss": "0.00532",
"percentile": "0.40974"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61731\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-01-28T20:16:10.073\",\"lastModified\":\"2026-06-30T03:16:56.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \\\"#cgo pkg-config:\\\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \\\"--log-file\\\" argument to this directive, causing pkg-config to write to an attacker-controlled location.\"},{\"lang\":\"es\",\"value\":\"Construir un archivo malicioso con cmd/go puede causar puede causar una escritura a un archivo controlado por el atacante con control parcial del contenido del archivo. La directiva \u0027#cgo pkg-config:\u0027 en un archivo fuente de Go proporciona argumentos de l\u00ednea de comandos para proporcionar al comando Go pkg-config. Un atacante puede proporcionar un argumento \u0027--log-file\u0027 a esta directiva, causando que pkg-config escriba a una ubicaci\u00f3n controlada por el atacante.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go toolchain\",\"product\":\"cmd/go\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"cmd/go\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.24.12\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.25.0\",\"lessThan\":\"1.25.6\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v. 8.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.12::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.20\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-29T04:55:56.484332Z\",\"id\":\"CVE-2025-61731\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.12\",\"matchCriteriaId\":\"21FD9368-8AB3-404B-8599-BBF64EFE3C7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.6\",\"matchCriteriaId\":\"A547E844-78D2-4B17-B7A9-73E7B503D2CE\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/736711\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/77100\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4339\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12118\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12282\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13736\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14100\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14774\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15091\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20088\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21691\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3556\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3559\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3855\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4434\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5133\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5907\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5941\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5942\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5943\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5944\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5948\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5950\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5952\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6949\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7291\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7385\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7833\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7834\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7876\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7877\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7878\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7879\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7883\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-61731\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2434433\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v. 8.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.20::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.20\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-01-28T20:01:45.587Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-01-28T19:30:30.844Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:5943: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5941: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6949: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7878: Red Hat Enterprise Linux AppStream AUS (v. 8.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7879: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7876: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7877: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7883: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7833: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7834: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5944: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5942: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7385: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7291: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12282: Red Hat OpenShift Container Platform 4.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14100: Red Hat OpenShift Container Platform 4.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21691: Red Hat OpenShift Container Platform 4.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5907: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12118: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5133: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13736: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4434: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3855: Red Hat OpenShift Container Platform 4.20\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3559: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3556: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5948: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5950: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5952: Red Hat OpenShift Service Mesh 3.2\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-01-28T19:30:30.844Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-61731\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2434433\", \"name\": \"RHBZ#2434433\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5943\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5941\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6949\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7878\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7879\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7876\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7877\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7883\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7833\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7834\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5944\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5942\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7385\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7291\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12282\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14100\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21691\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15091\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14774\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20088\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5907\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12118\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5133\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13736\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4434\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3855\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3559\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3556\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5948\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5950\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5952\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T12:07:16.852Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61731\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-29T04:55:56.484332Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T16:17:20.484Z\"}}], \"cna\": {\"title\": \"Arbitrary file write using cgo pkg-config directive in cmd/go\", \"credits\": [{\"lang\": \"en\", \"value\": \"RyotaK (https://ryotak.net) of GMO Flatt Security Inc.\"}], \"affected\": [{\"vendor\": \"Go toolchain\", \"product\": \"cmd/go\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.6\", \"versionType\": \"semver\"}], \"packageName\": \"cmd/go\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://go.dev/cl/736711\"}, {\"url\": \"https://go.dev/issue/77100\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4339\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \\\"#cgo pkg-config:\\\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \\\"--log-file\\\" argument to this directive, causing pkg-config to write to an attacker-controlled location.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-01-28T19:30:30.844Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61731\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T12:07:16.852Z\", \"dateReserved\": \"2025-09-30T15:05:03.605Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-01-28T19:30:30.844Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Title
Google Go代码执行漏洞
Description
Google Go是美国谷歌(Google)公司的一种静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。
Google Go存在代码执行漏洞,该漏洞是由于CgoPkgConfig中编译器标志的不安全处理造成的。攻击者可利用该漏洞在系统上执行任意代码。
Severity
中
Patch Name
Google Go代码执行漏洞的补丁
Patch Description
Google Go是美国谷歌(Google)公司的一种静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。
Google Go存在代码执行漏洞,该漏洞是由于CgoPkgConfig中编译器标志的不安全处理造成的。攻击者可利用该漏洞在系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://go.dev/dl/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-61731
Impacted products
| Name | ['Google GO >=1.25.0,<1.25.6', 'Google GO <1.24.12'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-61731",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
}
},
"description": "Google Go\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9759\u6001\u5f3a\u7c7b\u578b\u3001\u7f16\u8bd1\u578b\u3001\u5e76\u53d1\u578b\uff0c\u5e76\u5177\u6709\u5783\u573e\u56de\u6536\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\n\nGoogle Go\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eCgoPkgConfig\u4e2d\u7f16\u8bd1\u5668\u6807\u5fd7\u7684\u4e0d\u5b89\u5168\u5904\u7406\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://go.dev/dl/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-10648",
"openTime": "2026-02-09",
"patchDescription": "Google Go\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9759\u6001\u5f3a\u7c7b\u578b\u3001\u7f16\u8bd1\u578b\u3001\u5e76\u53d1\u578b\uff0c\u5e76\u5177\u6709\u5783\u573e\u56de\u6536\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nGoogle Go\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eCgoPkgConfig\u4e2d\u7f16\u8bd1\u5668\u6807\u5fd7\u7684\u4e0d\u5b89\u5168\u5904\u7406\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Go\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Google GO \u003e=1.25.0\uff0c\u003c1.25.6",
"Google GO \u003c1.24.12"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"serverity": "\u4e2d",
"submitTime": "2026-02-05",
"title": "Google Go\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2025-61731
Vulnerability from fkie_nvd - Published: 2026-01-28 20:16 - Updated: 2026-06-30 03:16
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.6 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.6 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
References
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "cmd/go",
"product": "cmd/go",
"vendor": "Go toolchain",
"versions": [
{
"lessThan": "1.24.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.6",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"source": "security@golang.org"
},
{
"affectedData": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21FD9368-8AB3-404B-8599-BBF64EFE3C7B",
"versionEndExcluding": "1.24.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A547E844-78D2-4B17-B7A9-73E7B503D2CE",
"versionEndExcluding": "1.25.6",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location."
},
{
"lang": "es",
"value": "Construir un archivo malicioso con cmd/go puede causar puede causar una escritura a un archivo controlado por el atacante con control parcial del contenido del archivo. La directiva \u0027#cgo pkg-config:\u0027 en un archivo fuente de Go proporciona argumentos de l\u00ednea de comandos para proporcionar al comando Go pkg-config. Un atacante puede proporcionar un argumento \u0027--log-file\u0027 a esta directiva, causando que pkg-config escriba a una ubicaci\u00f3n controlada por el atacante."
}
],
"id": "CVE-2025-61731",
"lastModified": "2026-06-30T03:16:56.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-61731",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T04:55:56.484332Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-01-28T20:16:10.073",
"references": [
{
"source": "security@golang.org",
"tags": [
"Patch"
],
"url": "https://go.dev/cl/736711"
},
{
"source": "security@golang.org",
"tags": [
"Issue Tracking"
],
"url": "https://go.dev/issue/77100"
},
{
"source": "security@golang.org",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:12118"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:12282"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:13736"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:14100"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:20088"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:21691"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:3556"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:3559"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:3855"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:4434"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5133"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5907"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5941"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5942"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5943"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5944"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:6949"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7833"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7834"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7876"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7877"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7878"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7879"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7883"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json"
}
],
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-XVQR-69V8-F3GV
Vulnerability from github – Published: 2026-01-28 21:31 – Updated: 2026-06-30 03:35
VLAI
Details
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2025-61731"
],
"database_specific": {
"cwe_ids": [
"CWE-88"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-28T20:16:10Z",
"severity": "HIGH"
},
"details": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"id": "GHSA-xvqr-69v8-f3gv",
"modified": "2026-06-30T03:35:31Z",
"published": "2026-01-28T21:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12118"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6949"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7833"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7834"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7876"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7877"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7878"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7883"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"type": "WEB",
"url": "https://go.dev/cl/736711"
},
{
"type": "WEB",
"url": "https://go.dev/issue/77100"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12282"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13736"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20088"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21691"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3556"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3559"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3855"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4434"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5133"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5907"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5941"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5942"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5943"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5944"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
OPENSUSE-SU-2026:10063-1
Vulnerability from csaf_opensuse - Published: 2026-01-18 00:00 - Updated: 2026-01-18 00:00Summary
go1.24-1.24.12-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.24-1.24.12-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.24-1.24.12-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10063
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.24-1.24.12-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.24-1.24.12-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10063",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10063-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "go1.24-1.24.12-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-18T00:00:00Z",
"generator": {
"date": "2026-01-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10063-1",
"initial_release_date": "2026-01-18T00:00:00Z",
"revision_history": [
{
"date": "2026-01-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.12-1.1.aarch64",
"product": {
"name": "go1.24-1.24.12-1.1.aarch64",
"product_id": "go1.24-1.24.12-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.12-1.1.aarch64",
"product": {
"name": "go1.24-doc-1.24.12-1.1.aarch64",
"product_id": "go1.24-doc-1.24.12-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.12-1.1.aarch64",
"product": {
"name": "go1.24-libstd-1.24.12-1.1.aarch64",
"product_id": "go1.24-libstd-1.24.12-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.12-1.1.aarch64",
"product": {
"name": "go1.24-race-1.24.12-1.1.aarch64",
"product_id": "go1.24-race-1.24.12-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.12-1.1.ppc64le",
"product": {
"name": "go1.24-1.24.12-1.1.ppc64le",
"product_id": "go1.24-1.24.12-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.12-1.1.ppc64le",
"product": {
"name": "go1.24-doc-1.24.12-1.1.ppc64le",
"product_id": "go1.24-doc-1.24.12-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.12-1.1.ppc64le",
"product": {
"name": "go1.24-libstd-1.24.12-1.1.ppc64le",
"product_id": "go1.24-libstd-1.24.12-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.12-1.1.ppc64le",
"product": {
"name": "go1.24-race-1.24.12-1.1.ppc64le",
"product_id": "go1.24-race-1.24.12-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.12-1.1.s390x",
"product": {
"name": "go1.24-1.24.12-1.1.s390x",
"product_id": "go1.24-1.24.12-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.12-1.1.s390x",
"product": {
"name": "go1.24-doc-1.24.12-1.1.s390x",
"product_id": "go1.24-doc-1.24.12-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.12-1.1.s390x",
"product": {
"name": "go1.24-libstd-1.24.12-1.1.s390x",
"product_id": "go1.24-libstd-1.24.12-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.12-1.1.s390x",
"product": {
"name": "go1.24-race-1.24.12-1.1.s390x",
"product_id": "go1.24-race-1.24.12-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.12-1.1.x86_64",
"product": {
"name": "go1.24-1.24.12-1.1.x86_64",
"product_id": "go1.24-1.24.12-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.12-1.1.x86_64",
"product": {
"name": "go1.24-doc-1.24.12-1.1.x86_64",
"product_id": "go1.24-doc-1.24.12-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.12-1.1.x86_64",
"product": {
"name": "go1.24-libstd-1.24.12-1.1.x86_64",
"product_id": "go1.24-libstd-1.24.12-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.12-1.1.x86_64",
"product": {
"name": "go1.24-race-1.24.12-1.1.x86_64",
"product_id": "go1.24-race-1.24.12-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.12-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64"
},
"product_reference": "go1.24-1.24.12-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.12-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le"
},
"product_reference": "go1.24-1.24.12-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.12-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x"
},
"product_reference": "go1.24-1.24.12-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.12-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64"
},
"product_reference": "go1.24-1.24.12-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.12-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64"
},
"product_reference": "go1.24-doc-1.24.12-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.12-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le"
},
"product_reference": "go1.24-doc-1.24.12-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.12-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x"
},
"product_reference": "go1.24-doc-1.24.12-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.12-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64"
},
"product_reference": "go1.24-doc-1.24.12-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.12-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64"
},
"product_reference": "go1.24-libstd-1.24.12-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.12-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le"
},
"product_reference": "go1.24-libstd-1.24.12-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.12-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x"
},
"product_reference": "go1.24-libstd-1.24.12-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.12-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64"
},
"product_reference": "go1.24-libstd-1.24.12-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.12-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64"
},
"product_reference": "go1.24-race-1.24.12-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.12-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le"
},
"product_reference": "go1.24-race-1.24.12-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.12-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x"
},
"product_reference": "go1.24-race-1.24.12-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.12-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
},
"product_reference": "go1.24-race-1.24.12-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:10064-1
Vulnerability from csaf_opensuse - Published: 2026-01-18 00:00 - Updated: 2026-01-18 00:00Summary
go1.25-1.25.6-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.25-1.25.6-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.25-1.25.6-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10064
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.25-1.25.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.25-1.25.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10064",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10064-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "go1.25-1.25.6-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-18T00:00:00Z",
"generator": {
"date": "2026-01-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10064-1",
"initial_release_date": "2026-01-18T00:00:00Z",
"revision_history": [
{
"date": "2026-01-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-1.1.aarch64",
"product": {
"name": "go1.25-1.25.6-1.1.aarch64",
"product_id": "go1.25-1.25.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-1.1.aarch64",
"product": {
"name": "go1.25-doc-1.25.6-1.1.aarch64",
"product_id": "go1.25-doc-1.25.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.6-1.1.aarch64",
"product": {
"name": "go1.25-libstd-1.25.6-1.1.aarch64",
"product_id": "go1.25-libstd-1.25.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-1.1.aarch64",
"product": {
"name": "go1.25-race-1.25.6-1.1.aarch64",
"product_id": "go1.25-race-1.25.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-1.1.ppc64le",
"product": {
"name": "go1.25-1.25.6-1.1.ppc64le",
"product_id": "go1.25-1.25.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-1.1.ppc64le",
"product": {
"name": "go1.25-doc-1.25.6-1.1.ppc64le",
"product_id": "go1.25-doc-1.25.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.6-1.1.ppc64le",
"product": {
"name": "go1.25-libstd-1.25.6-1.1.ppc64le",
"product_id": "go1.25-libstd-1.25.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-1.1.ppc64le",
"product": {
"name": "go1.25-race-1.25.6-1.1.ppc64le",
"product_id": "go1.25-race-1.25.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-1.1.s390x",
"product": {
"name": "go1.25-1.25.6-1.1.s390x",
"product_id": "go1.25-1.25.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-1.1.s390x",
"product": {
"name": "go1.25-doc-1.25.6-1.1.s390x",
"product_id": "go1.25-doc-1.25.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.6-1.1.s390x",
"product": {
"name": "go1.25-libstd-1.25.6-1.1.s390x",
"product_id": "go1.25-libstd-1.25.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-1.1.s390x",
"product": {
"name": "go1.25-race-1.25.6-1.1.s390x",
"product_id": "go1.25-race-1.25.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-1.1.x86_64",
"product": {
"name": "go1.25-1.25.6-1.1.x86_64",
"product_id": "go1.25-1.25.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-1.1.x86_64",
"product": {
"name": "go1.25-doc-1.25.6-1.1.x86_64",
"product_id": "go1.25-doc-1.25.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.6-1.1.x86_64",
"product": {
"name": "go1.25-libstd-1.25.6-1.1.x86_64",
"product_id": "go1.25-libstd-1.25.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-1.1.x86_64",
"product": {
"name": "go1.25-race-1.25.6-1.1.x86_64",
"product_id": "go1.25-race-1.25.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64"
},
"product_reference": "go1.25-1.25.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le"
},
"product_reference": "go1.25-1.25.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x"
},
"product_reference": "go1.25-1.25.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64"
},
"product_reference": "go1.25-1.25.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64"
},
"product_reference": "go1.25-doc-1.25.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le"
},
"product_reference": "go1.25-doc-1.25.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x"
},
"product_reference": "go1.25-doc-1.25.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64"
},
"product_reference": "go1.25-doc-1.25.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64"
},
"product_reference": "go1.25-libstd-1.25.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le"
},
"product_reference": "go1.25-libstd-1.25.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x"
},
"product_reference": "go1.25-libstd-1.25.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64"
},
"product_reference": "go1.25-libstd-1.25.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64"
},
"product_reference": "go1.25-race-1.25.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le"
},
"product_reference": "go1.25-race-1.25.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x"
},
"product_reference": "go1.25-race-1.25.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
},
"product_reference": "go1.25-race-1.25.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20077-1
Vulnerability from csaf_opensuse - Published: 2026-01-22 12:53 - Updated: 2026-01-22 12:53Summary
Security update for go1.24
Severity
Important
Notes
Title of the patch: Security update for go1.24
Description of the patch: This update for go1.24 fixes the following issues:
Update to go1.24.12 (released 2026-01-15) (bsc#1236217)
Security fixes:
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821).
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819).
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817).
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).
Other fixes:
* go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled
* go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes
* go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386
* go#76796 runtime: race detector crash on ppc64le
* go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range
Patchnames: openSUSE-Leap-16.0-166
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.24",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.24 fixes the following issues:\n\nUpdate to go1.24.12 (released 2026-01-15) (bsc#1236217)\n\nSecurity fixes:\n\n - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821).\n - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).\n - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819).\n - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817).\n - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816).\n - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).\n\nOther fixes:\n\n * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled\n * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes\n * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386\n * go#76796 runtime: race detector crash on ppc64le\n * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling \u0026lt;function\u0026gt;: runtime error: index out of range\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-166",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20077-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1236217",
"url": "https://bugzilla.suse.com/1236217"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.24",
"tracking": {
"current_release_date": "2026-01-22T12:53:33Z",
"generator": {
"date": "2026-01-22T12:53:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20077-1",
"initial_release_date": "2026-01-22T12:53:33Z",
"revision_history": [
{
"date": "2026-01-22T12:53:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.12-160000.1.1.aarch64",
"product": {
"name": "go1.24-1.24.12-160000.1.1.aarch64",
"product_id": "go1.24-1.24.12-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.12-160000.1.1.aarch64",
"product": {
"name": "go1.24-doc-1.24.12-160000.1.1.aarch64",
"product_id": "go1.24-doc-1.24.12-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.12-160000.1.1.aarch64",
"product": {
"name": "go1.24-libstd-1.24.12-160000.1.1.aarch64",
"product_id": "go1.24-libstd-1.24.12-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.12-160000.1.1.aarch64",
"product": {
"name": "go1.24-race-1.24.12-160000.1.1.aarch64",
"product_id": "go1.24-race-1.24.12-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.12-160000.1.1.ppc64le",
"product": {
"name": "go1.24-1.24.12-160000.1.1.ppc64le",
"product_id": "go1.24-1.24.12-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.12-160000.1.1.ppc64le",
"product": {
"name": "go1.24-doc-1.24.12-160000.1.1.ppc64le",
"product_id": "go1.24-doc-1.24.12-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.12-160000.1.1.ppc64le",
"product": {
"name": "go1.24-race-1.24.12-160000.1.1.ppc64le",
"product_id": "go1.24-race-1.24.12-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.12-160000.1.1.s390x",
"product": {
"name": "go1.24-1.24.12-160000.1.1.s390x",
"product_id": "go1.24-1.24.12-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.12-160000.1.1.s390x",
"product": {
"name": "go1.24-doc-1.24.12-160000.1.1.s390x",
"product_id": "go1.24-doc-1.24.12-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.12-160000.1.1.s390x",
"product": {
"name": "go1.24-race-1.24.12-160000.1.1.s390x",
"product_id": "go1.24-race-1.24.12-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.12-160000.1.1.x86_64",
"product": {
"name": "go1.24-1.24.12-160000.1.1.x86_64",
"product_id": "go1.24-1.24.12-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.12-160000.1.1.x86_64",
"product": {
"name": "go1.24-doc-1.24.12-160000.1.1.x86_64",
"product_id": "go1.24-doc-1.24.12-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.12-160000.1.1.x86_64",
"product": {
"name": "go1.24-libstd-1.24.12-160000.1.1.x86_64",
"product_id": "go1.24-libstd-1.24.12-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.12-160000.1.1.x86_64",
"product": {
"name": "go1.24-race-1.24.12-160000.1.1.x86_64",
"product_id": "go1.24-race-1.24.12-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.12-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64"
},
"product_reference": "go1.24-1.24.12-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.12-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le"
},
"product_reference": "go1.24-1.24.12-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.12-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x"
},
"product_reference": "go1.24-1.24.12-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.12-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64"
},
"product_reference": "go1.24-1.24.12-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.12-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64"
},
"product_reference": "go1.24-doc-1.24.12-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.12-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le"
},
"product_reference": "go1.24-doc-1.24.12-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.12-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x"
},
"product_reference": "go1.24-doc-1.24.12-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.12-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64"
},
"product_reference": "go1.24-doc-1.24.12-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.12-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64"
},
"product_reference": "go1.24-libstd-1.24.12-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.12-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64"
},
"product_reference": "go1.24-libstd-1.24.12-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.12-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64"
},
"product_reference": "go1.24-race-1.24.12-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.12-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le"
},
"product_reference": "go1.24-race-1.24.12-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.12-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x"
},
"product_reference": "go1.24-race-1.24.12-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.12-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
},
"product_reference": "go1.24-race-1.24.12-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:53:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:53:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:53:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:53:33Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:53:33Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:53:33Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20085-1
Vulnerability from csaf_opensuse - Published: 2026-01-22 15:49 - Updated: 2026-01-22 15:49Summary
Security update for go1.25
Severity
Important
Notes
Title of the patch: Security update for go1.25
Description of the patch: This update for go1.25 fixes the following issues:
Update to go1.25.6 (released 2026-01-15) (bsc#1244485)
Security fixes:
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821).
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819).
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817).
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).
Other fixes:
* go#76392 os: package initialization hangs is Stdin is blocked
* go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled
* go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes
* go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386
* go#76776 runtime: race detector crash on ppc64le
* go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range
* go#76973 errors: errors.Join behavior changed in 1.25
Patchnames: openSUSE-Leap-16.0-174
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.25",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.25 fixes the following issues:\n\nUpdate to go1.25.6 (released 2026-01-15) (bsc#1244485)\n\nSecurity fixes:\n\n - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821).\n - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).\n - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819).\n - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817).\n - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816).\n - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).\n\nOther fixes:\n\n * go#76392 os: package initialization hangs is Stdin is blocked\n * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled\n * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes\n * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386\n * go#76776 runtime: race detector crash on ppc64le\n * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling \u0026lt;function\u0026gt;: runtime error: index out of range\n * go#76973 errors: errors.Join behavior changed in 1.25\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-174",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20085-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1244485",
"url": "https://bugzilla.suse.com/1244485"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.25",
"tracking": {
"current_release_date": "2026-01-22T15:49:20Z",
"generator": {
"date": "2026-01-22T15:49:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20085-1",
"initial_release_date": "2026-01-22T15:49:20Z",
"revision_history": [
{
"date": "2026-01-22T15:49:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-160000.1.1.aarch64",
"product": {
"name": "go1.25-1.25.6-160000.1.1.aarch64",
"product_id": "go1.25-1.25.6-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-160000.1.1.aarch64",
"product": {
"name": "go1.25-doc-1.25.6-160000.1.1.aarch64",
"product_id": "go1.25-doc-1.25.6-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.6-160000.1.1.aarch64",
"product": {
"name": "go1.25-libstd-1.25.6-160000.1.1.aarch64",
"product_id": "go1.25-libstd-1.25.6-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-160000.1.1.aarch64",
"product": {
"name": "go1.25-race-1.25.6-160000.1.1.aarch64",
"product_id": "go1.25-race-1.25.6-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-160000.1.1.ppc64le",
"product": {
"name": "go1.25-1.25.6-160000.1.1.ppc64le",
"product_id": "go1.25-1.25.6-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-160000.1.1.ppc64le",
"product": {
"name": "go1.25-doc-1.25.6-160000.1.1.ppc64le",
"product_id": "go1.25-doc-1.25.6-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-160000.1.1.ppc64le",
"product": {
"name": "go1.25-race-1.25.6-160000.1.1.ppc64le",
"product_id": "go1.25-race-1.25.6-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-160000.1.1.s390x",
"product": {
"name": "go1.25-1.25.6-160000.1.1.s390x",
"product_id": "go1.25-1.25.6-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-160000.1.1.s390x",
"product": {
"name": "go1.25-doc-1.25.6-160000.1.1.s390x",
"product_id": "go1.25-doc-1.25.6-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-160000.1.1.s390x",
"product": {
"name": "go1.25-race-1.25.6-160000.1.1.s390x",
"product_id": "go1.25-race-1.25.6-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-160000.1.1.x86_64",
"product": {
"name": "go1.25-1.25.6-160000.1.1.x86_64",
"product_id": "go1.25-1.25.6-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-160000.1.1.x86_64",
"product": {
"name": "go1.25-doc-1.25.6-160000.1.1.x86_64",
"product_id": "go1.25-doc-1.25.6-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.6-160000.1.1.x86_64",
"product": {
"name": "go1.25-libstd-1.25.6-160000.1.1.x86_64",
"product_id": "go1.25-libstd-1.25.6-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-160000.1.1.x86_64",
"product": {
"name": "go1.25-race-1.25.6-160000.1.1.x86_64",
"product_id": "go1.25-race-1.25.6-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64"
},
"product_reference": "go1.25-1.25.6-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le"
},
"product_reference": "go1.25-1.25.6-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x"
},
"product_reference": "go1.25-1.25.6-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64"
},
"product_reference": "go1.25-1.25.6-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64"
},
"product_reference": "go1.25-doc-1.25.6-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le"
},
"product_reference": "go1.25-doc-1.25.6-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x"
},
"product_reference": "go1.25-doc-1.25.6-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64"
},
"product_reference": "go1.25-doc-1.25.6-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.6-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64"
},
"product_reference": "go1.25-libstd-1.25.6-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.6-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64"
},
"product_reference": "go1.25-libstd-1.25.6-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64"
},
"product_reference": "go1.25-race-1.25.6-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le"
},
"product_reference": "go1.25-race-1.25.6-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x"
},
"product_reference": "go1.25-race-1.25.6-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
},
"product_reference": "go1.25-race-1.25.6-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20301-1
Vulnerability from csaf_opensuse - Published: 2026-03-03 09:04 - Updated: 2026-03-03 09:04Summary
Security update for go1.25-openssl
Severity
Important
Notes
Title of the patch: Security update for go1.25-openssl
Description of the patch: This update for go1.25-openssl fixes the following issues:
- Update to version 1.25.7 (jsc#SLE-18320)
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821)
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820)
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819)
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817)
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816)
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818)
- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431)
- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SA (bsc#1254430)
- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255)
- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253)
- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260)
- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258)
- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259)
- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256)
- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261)
- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257)
- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254)
- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262)
Patchnames: openSUSE-Leap-16.0-339
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
79 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.25-openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.25-openssl fixes the following issues:\n\n- Update to version 1.25.7 (jsc#SLE-18320)\n- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821)\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820)\n- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819)\n- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817)\n- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816)\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818)\n- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431)\n- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn\u0027t preclude wildcard SA (bsc#1254430)\n- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255)\n- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253)\n- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260)\n- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258)\n- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259)\n- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256)\n- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261)\n- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257)\n- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254)\n- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-339",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20301-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1244485",
"url": "https://bugzilla.suse.com/1244485"
},
{
"category": "self",
"summary": "SUSE Bug 1245878",
"url": "https://bugzilla.suse.com/1245878"
},
{
"category": "self",
"summary": "SUSE Bug 1249985",
"url": "https://bugzilla.suse.com/1249985"
},
{
"category": "self",
"summary": "SUSE Bug 1251253",
"url": "https://bugzilla.suse.com/1251253"
},
{
"category": "self",
"summary": "SUSE Bug 1251254",
"url": "https://bugzilla.suse.com/1251254"
},
{
"category": "self",
"summary": "SUSE Bug 1251255",
"url": "https://bugzilla.suse.com/1251255"
},
{
"category": "self",
"summary": "SUSE Bug 1251256",
"url": "https://bugzilla.suse.com/1251256"
},
{
"category": "self",
"summary": "SUSE Bug 1251257",
"url": "https://bugzilla.suse.com/1251257"
},
{
"category": "self",
"summary": "SUSE Bug 1251258",
"url": "https://bugzilla.suse.com/1251258"
},
{
"category": "self",
"summary": "SUSE Bug 1251259",
"url": "https://bugzilla.suse.com/1251259"
},
{
"category": "self",
"summary": "SUSE Bug 1251260",
"url": "https://bugzilla.suse.com/1251260"
},
{
"category": "self",
"summary": "SUSE Bug 1251261",
"url": "https://bugzilla.suse.com/1251261"
},
{
"category": "self",
"summary": "SUSE Bug 1251262",
"url": "https://bugzilla.suse.com/1251262"
},
{
"category": "self",
"summary": "SUSE Bug 1254227",
"url": "https://bugzilla.suse.com/1254227"
},
{
"category": "self",
"summary": "SUSE Bug 1254430",
"url": "https://bugzilla.suse.com/1254430"
},
{
"category": "self",
"summary": "SUSE Bug 1254431",
"url": "https://bugzilla.suse.com/1254431"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE Bug 1257486",
"url": "https://bugzilla.suse.com/1257486"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.25-openssl",
"tracking": {
"current_release_date": "2026-03-03T09:04:46Z",
"generator": {
"date": "2026-03-03T09:04:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20301-1",
"initial_release_date": "2026-03-03T09:04:46Z",
"revision_history": [
{
"date": "2026-03-03T09:04:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47912"
}
],
"notes": [
{
"category": "general",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47912",
"url": "https://www.suse.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "SUSE Bug 1251257 for CVE-2025-47912",
"url": "https://bugzilla.suse.com/1251257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-47912"
},
{
"cve": "CVE-2025-58183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58183"
}
],
"notes": [
{
"category": "general",
"text": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58183",
"url": "https://www.suse.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "SUSE Bug 1251261 for CVE-2025-58183",
"url": "https://bugzilla.suse.com/1251261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58183"
},
{
"cve": "CVE-2025-58185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58185"
}
],
"notes": [
{
"category": "general",
"text": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58185",
"url": "https://www.suse.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "SUSE Bug 1251258 for CVE-2025-58185",
"url": "https://bugzilla.suse.com/1251258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58185"
},
{
"cve": "CVE-2025-58186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58186"
}
],
"notes": [
{
"category": "general",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58186",
"url": "https://www.suse.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "SUSE Bug 1251259 for CVE-2025-58186",
"url": "https://bugzilla.suse.com/1251259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58186"
},
{
"cve": "CVE-2025-58187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58187"
}
],
"notes": [
{
"category": "general",
"text": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58187",
"url": "https://www.suse.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "SUSE Bug 1251254 for CVE-2025-58187",
"url": "https://bugzilla.suse.com/1251254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58187"
},
{
"cve": "CVE-2025-58188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58188"
}
],
"notes": [
{
"category": "general",
"text": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58188",
"url": "https://www.suse.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "SUSE Bug 1251260 for CVE-2025-58188",
"url": "https://bugzilla.suse.com/1251260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-58188"
},
{
"cve": "CVE-2025-58189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58189"
}
],
"notes": [
{
"category": "general",
"text": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58189",
"url": "https://www.suse.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "SUSE Bug 1251255 for CVE-2025-58189",
"url": "https://bugzilla.suse.com/1251255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58189"
},
{
"cve": "CVE-2025-61723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61723"
}
],
"notes": [
{
"category": "general",
"text": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61723",
"url": "https://www.suse.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "SUSE Bug 1251256 for CVE-2025-61723",
"url": "https://bugzilla.suse.com/1251256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61723"
},
{
"cve": "CVE-2025-61724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61724"
}
],
"notes": [
{
"category": "general",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61724",
"url": "https://www.suse.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "SUSE Bug 1251262 for CVE-2025-61724",
"url": "https://bugzilla.suse.com/1251262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61724"
},
{
"cve": "CVE-2025-61725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61725"
}
],
"notes": [
{
"category": "general",
"text": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61725",
"url": "https://www.suse.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "SUSE Bug 1251253 for CVE-2025-61725",
"url": "https://bugzilla.suse.com/1251253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61725"
},
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61727"
}
],
"notes": [
{
"category": "general",
"text": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61727",
"url": "https://www.suse.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "SUSE Bug 1254430 for CVE-2025-61727",
"url": "https://bugzilla.suse.com/1254430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61727"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61729"
}
],
"notes": [
{
"category": "general",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61729",
"url": "https://www.suse.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "SUSE Bug 1254431 for CVE-2025-61729",
"url": "https://bugzilla.suse.com/1254431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61729"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20308-1
Vulnerability from csaf_opensuse - Published: 2026-03-03 17:46 - Updated: 2026-03-03 17:46Summary
Security update for go1.24-openssl
Severity
Critical
Notes
Title of the patch: Security update for go1.24-openssl
Description of the patch: This update for go1.24-openssl fixes the following issues:
- Update to version 1.24.13 (jsc#SLE-18320)
- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255)
- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253)
- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260)
- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258)
- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259)
- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256)
- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261)
- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257)
- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254)
- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262)
- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431)
- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN. (bsc#1254430)
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821)
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819)
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817)
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816)
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818)
- CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692)
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820)
Patchnames: openSUSE-Leap-16.0-346
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.6 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
83 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.24-openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.24-openssl fixes the following issues:\n\n- Update to version 1.24.13 (jsc#SLE-18320)\n- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255)\n- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253)\n- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260)\n- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258)\n- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259)\n- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256)\n- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261)\n- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257)\n- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254)\n- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262)\n- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431)\n- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn\u0027t preclude wildcard SAN. (bsc#1254430)\n- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821)\n- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819)\n- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817)\n- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816)\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818)\n- CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692)\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-346",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20308-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1236217",
"url": "https://bugzilla.suse.com/1236217"
},
{
"category": "self",
"summary": "SUSE Bug 1245878",
"url": "https://bugzilla.suse.com/1245878"
},
{
"category": "self",
"summary": "SUSE Bug 1247816",
"url": "https://bugzilla.suse.com/1247816"
},
{
"category": "self",
"summary": "SUSE Bug 1248082",
"url": "https://bugzilla.suse.com/1248082"
},
{
"category": "self",
"summary": "SUSE Bug 1249985",
"url": "https://bugzilla.suse.com/1249985"
},
{
"category": "self",
"summary": "SUSE Bug 1251253",
"url": "https://bugzilla.suse.com/1251253"
},
{
"category": "self",
"summary": "SUSE Bug 1251254",
"url": "https://bugzilla.suse.com/1251254"
},
{
"category": "self",
"summary": "SUSE Bug 1251255",
"url": "https://bugzilla.suse.com/1251255"
},
{
"category": "self",
"summary": "SUSE Bug 1251256",
"url": "https://bugzilla.suse.com/1251256"
},
{
"category": "self",
"summary": "SUSE Bug 1251257",
"url": "https://bugzilla.suse.com/1251257"
},
{
"category": "self",
"summary": "SUSE Bug 1251258",
"url": "https://bugzilla.suse.com/1251258"
},
{
"category": "self",
"summary": "SUSE Bug 1251259",
"url": "https://bugzilla.suse.com/1251259"
},
{
"category": "self",
"summary": "SUSE Bug 1251260",
"url": "https://bugzilla.suse.com/1251260"
},
{
"category": "self",
"summary": "SUSE Bug 1251261",
"url": "https://bugzilla.suse.com/1251261"
},
{
"category": "self",
"summary": "SUSE Bug 1251262",
"url": "https://bugzilla.suse.com/1251262"
},
{
"category": "self",
"summary": "SUSE Bug 1254430",
"url": "https://bugzilla.suse.com/1254430"
},
{
"category": "self",
"summary": "SUSE Bug 1254431",
"url": "https://bugzilla.suse.com/1254431"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE Bug 1257692",
"url": "https://bugzilla.suse.com/1257692"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.24-openssl",
"tracking": {
"current_release_date": "2026-03-03T17:46:58Z",
"generator": {
"date": "2026-03-03T17:46:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20308-1",
"initial_release_date": "2026-03-03T17:46:58Z",
"revision_history": [
{
"date": "2026-03-03T17:46:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47912"
}
],
"notes": [
{
"category": "general",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47912",
"url": "https://www.suse.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "SUSE Bug 1251257 for CVE-2025-47912",
"url": "https://bugzilla.suse.com/1251257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-47912"
},
{
"cve": "CVE-2025-58183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58183"
}
],
"notes": [
{
"category": "general",
"text": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58183",
"url": "https://www.suse.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "SUSE Bug 1251261 for CVE-2025-58183",
"url": "https://bugzilla.suse.com/1251261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58183"
},
{
"cve": "CVE-2025-58185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58185"
}
],
"notes": [
{
"category": "general",
"text": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58185",
"url": "https://www.suse.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "SUSE Bug 1251258 for CVE-2025-58185",
"url": "https://bugzilla.suse.com/1251258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58185"
},
{
"cve": "CVE-2025-58186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58186"
}
],
"notes": [
{
"category": "general",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58186",
"url": "https://www.suse.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "SUSE Bug 1251259 for CVE-2025-58186",
"url": "https://bugzilla.suse.com/1251259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58186"
},
{
"cve": "CVE-2025-58187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58187"
}
],
"notes": [
{
"category": "general",
"text": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58187",
"url": "https://www.suse.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "SUSE Bug 1251254 for CVE-2025-58187",
"url": "https://bugzilla.suse.com/1251254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58187"
},
{
"cve": "CVE-2025-58188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58188"
}
],
"notes": [
{
"category": "general",
"text": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58188",
"url": "https://www.suse.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "SUSE Bug 1251260 for CVE-2025-58188",
"url": "https://bugzilla.suse.com/1251260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-58188"
},
{
"cve": "CVE-2025-58189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58189"
}
],
"notes": [
{
"category": "general",
"text": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58189",
"url": "https://www.suse.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "SUSE Bug 1251255 for CVE-2025-58189",
"url": "https://bugzilla.suse.com/1251255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58189"
},
{
"cve": "CVE-2025-61723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61723"
}
],
"notes": [
{
"category": "general",
"text": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61723",
"url": "https://www.suse.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "SUSE Bug 1251256 for CVE-2025-61723",
"url": "https://bugzilla.suse.com/1251256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61723"
},
{
"cve": "CVE-2025-61724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61724"
}
],
"notes": [
{
"category": "general",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61724",
"url": "https://www.suse.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "SUSE Bug 1251262 for CVE-2025-61724",
"url": "https://bugzilla.suse.com/1251262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61724"
},
{
"cve": "CVE-2025-61725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61725"
}
],
"notes": [
{
"category": "general",
"text": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61725",
"url": "https://www.suse.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "SUSE Bug 1251253 for CVE-2025-61725",
"url": "https://bugzilla.suse.com/1251253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61725"
},
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61727"
}
],
"notes": [
{
"category": "general",
"text": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61727",
"url": "https://www.suse.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "SUSE Bug 1254430 for CVE-2025-61727",
"url": "https://bugzilla.suse.com/1254430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61727"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61729"
}
],
"notes": [
{
"category": "general",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61729",
"url": "https://www.suse.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "SUSE Bug 1254431 for CVE-2025-61729",
"url": "https://bugzilla.suse.com/1254431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61729"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-61732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61732"
}
],
"notes": [
{
"category": "general",
"text": "A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61732",
"url": "https://www.suse.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "SUSE Bug 1257692 for CVE-2025-61732",
"url": "https://bugzilla.suse.com/1257692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "critical"
}
],
"title": "CVE-2025-61732"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20619-1
Vulnerability from csaf_opensuse - Published: 2026-04-23 16:09 - Updated: 2026-04-23 16:09Summary
Security update for coredns
Severity
Important
Notes
Title of the patch: Security update for coredns
Description of the patch: This update for coredns fixes the following issues:
Changes in coredns:
- Update to version 1.14.2:
* plugin/reload: Allow disabling jitter with 0s
* bump deps
* plugin/forward: fix parsing error when handling TLS+IPv6 address
* plugin/loop: use crypto/rand for query name generation
* plugin: reorder rewrite before acl to prevent bypass
* fix(rewrite): fix cname target rewrite for CNAME chains
* fix(kubernetes): panic on empty ListenHosts
* chore: bump minimum Go version to 1.25
* feat(proxyproto): add proxy protocol support
* refactor(cache): modernize with generics
* Add metadata for response Type and Class to Log
* docs: clarify kubernetes auth docs
* fix: return SOA and NS records when queried for a record CNAMEd to origin
- fixes bsc#1259320 CVE-2026-26017
- fixes bsc#1259319 CVE-2026-26018
- address more unstable unstable tests under aarch64 and s390x
- Update to version 1.14.1:
* This release primarily addresses security vulnerabilities affecting Go
versions prior to Go 1.25.6 and Go 1.24.12
(CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731,
CVE-2025-68119).
It also includes performance improvements to the proxy plugin via
multiplexed connections, along with various documentation updates.
Patchnames: openSUSE-Leap-16.0-packagehub-212
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for coredns",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for coredns fixes the following issues:\n\nChanges in coredns:\n\n- Update to version 1.14.2:\n * plugin/reload: Allow disabling jitter with 0s\n * bump deps\n * plugin/forward: fix parsing error when handling TLS+IPv6 address\n * plugin/loop: use crypto/rand for query name generation\n * plugin: reorder rewrite before acl to prevent bypass\n * fix(rewrite): fix cname target rewrite for CNAME chains\n * fix(kubernetes): panic on empty ListenHosts\n * chore: bump minimum Go version to 1.25\n * feat(proxyproto): add proxy protocol support\n * refactor(cache): modernize with generics\n * Add metadata for response Type and Class to Log\n * docs: clarify kubernetes auth docs\n * fix: return SOA and NS records when queried for a record CNAMEd to origin\n\n- fixes bsc#1259320 CVE-2026-26017\n- fixes bsc#1259319 CVE-2026-26018\n\n- address more unstable unstable tests under aarch64 and s390x\n\n- Update to version 1.14.1:\n * This release primarily addresses security vulnerabilities affecting Go\n versions prior to Go 1.25.6 and Go 1.24.12\n (CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731,\n CVE-2025-68119).\n It also includes performance improvements to the proxy plugin via\n multiplexed connections, along with various documentation updates.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-212",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20619-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1259319",
"url": "https://bugzilla.suse.com/1259319"
},
{
"category": "self",
"summary": "SUSE Bug 1259320",
"url": "https://bugzilla.suse.com/1259320"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26017 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26018 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26018/"
}
],
"title": "Security update for coredns",
"tracking": {
"current_release_date": "2026-04-23T16:09:35Z",
"generator": {
"date": "2026-04-23T16:09:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20619-1",
"initial_release_date": "2026-04-23T16:09:35Z",
"revision_history": [
{
"date": "2026-04-23T16:09:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-bp160.1.1.aarch64",
"product": {
"name": "coredns-1.14.2-bp160.1.1.aarch64",
"product_id": "coredns-1.14.2-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-extras-1.14.2-bp160.1.1.noarch",
"product": {
"name": "coredns-extras-1.14.2-bp160.1.1.noarch",
"product_id": "coredns-extras-1.14.2-bp160.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-bp160.1.1.ppc64le",
"product": {
"name": "coredns-1.14.2-bp160.1.1.ppc64le",
"product_id": "coredns-1.14.2-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-bp160.1.1.x86_64",
"product": {
"name": "coredns-1.14.2-bp160.1.1.x86_64",
"product_id": "coredns-1.14.2-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64"
},
"product_reference": "coredns-1.14.2-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le"
},
"product_reference": "coredns-1.14.2-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64"
},
"product_reference": "coredns-1.14.2-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.2-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
},
"product_reference": "coredns-extras-1.14.2-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
},
{
"cve": "CVE-2026-26017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26017"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26017",
"url": "https://www.suse.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "SUSE Bug 1259320 for CVE-2026-26017",
"url": "https://bugzilla.suse.com/1259320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2026-26017"
},
{
"cve": "CVE-2026-26018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26018"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26018",
"url": "https://www.suse.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "SUSE Bug 1259319 for CVE-2026-26018",
"url": "https://bugzilla.suse.com/1259319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.2-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.2-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T16:09:35Z",
"details": "important"
}
],
"title": "CVE-2026-26018"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…