SUSE-SU-2025:3682-1

go1.24.8 (released 2025-10-07) includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the linker, and the debug/pe, net/http, os, and sync/atomic packages. (bsc#1236217)

CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186 CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724:

bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information
bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress
bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys
bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion
bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion
bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs
bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map
bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames
bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints
bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse
os: Root.OpenRoot sets incorrect name, losing prefix of original root
debug/pe: pe.Open fails on object files produced by llvm-mingw 21
cmd/link: panic on riscv64 with CGO enabled due to empty container symbol
net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9
os: new test TestOpenFileCreateExclDanglingSymlink fails on Plan 9
crypto/internal/fips140/rsa: requires a panic if self-tests fail
net/http: internal error: connCount underflow
cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn
sync/atomic: comment for Uintptr.Or incorrectly describes return value

References

Affected packages

openSUSE:Leap 15.6

go1.24

Package

Name: go1.24
Purl: pkg:rpm/opensuse/go1.24&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Enterprise Storage 7.1

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise Module for Development Tools 15 SP6

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise Module for Development Tools 15 SP7

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise Server 15 SP3-LTSS

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise Server 15 SP4-LTSS

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise Server 15 SP5-LTSS

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise Server for SAP Applications 15 SP3

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise Server for SAP Applications 15 SP4

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"

SUSE:Linux Enterprise Server for SAP Applications 15 SP5

go1.24

Package

Name: go1.24
Purl: pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.9-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-race": "1.24.9-150000.1.42.1",
            "go1.24-doc": "1.24.9-150000.1.42.1",
            "go1.24": "1.24.9-150000.1.42.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3682-1.json"