SUSE-SU-2026:20629-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-202620629-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20629-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:20629-1
Upstream
  • CVE-2025-58183
  • CVE-2025-58186
  • CVE-2025-61725
Published
2026-03-03T17:51:15Z
Modified
2026-03-11T07:31:54.382148Z
Summary
Security update for go1.24-openssl
Details

This update for go1.24-openssl fixes the following issues:

  • Update to version 1.24.13 (jsc#SLE-18320)
  • CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255)
  • CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253)
  • CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260)
  • CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258)
  • CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259)
  • CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256)
  • CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261)
  • CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257)
  • CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254)
  • CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262)
  • CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431)
  • CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN. (bsc#1254430)
  • CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821)
  • CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819)
  • CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817)
  • CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816)
  • CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818)
  • CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692)
  • CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820)

Affected packages

SUSE:Linux Enterprise Server 16.0 / go1.24-openssl

Package

Name
go1.24-openssl
Purl
pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.24.13-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-openssl-race": "1.24.13-160000.1.1",
            "go1.24-openssl": "1.24.13-160000.1.1",
            "go1.24-openssl-doc": "1.24.13-160000.1.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20629-1.json"

SUSE:Linux Enterprise Server for SAP applications 16.0 / go1.24-openssl

Package

Name
go1.24-openssl
Purl
pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.24.13-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "go1.24-openssl-race": "1.24.13-160000.1.1",
            "go1.24-openssl": "1.24.13-160000.1.1",
            "go1.24-openssl-doc": "1.24.13-160000.1.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20629-1.json"