[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2025:20157-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":40,"duplicates":41,"related":42,"reserved_at":9,"published_at":56,"modified_at":57,"state":9,"summary":58,"references_raw":60,"kevs":192,"epss":9,"epss_history":193,"metrics":194,"affected":195},"OPENSUSE-SU-2025:20157-1","Security update for go1.25\n\nThis update for go1.25 fixes the following issues:\n\nUpdate to go1.25.5.\n\nSecurity issues fixed:\n\n- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation\n  (bsc#1254431).\n- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN (bsc#1254430).\n- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253).\n- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262).\n- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256).\n- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255).\n- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260).\n- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254).\n- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259).\n- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion\n  (bsc#1251258).\n- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261).\n- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257).\n- CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches (bsc#1249141).\n\nOther issues fixed and changes:\n\n- Version 1.25.5:\n  * go#76245 mime: FormatMediaType and ParseMediaType not compatible across 1.24 to 1.25\n  * go#76360 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access\n    is denied, ReOpenFile error handling followup\n\n- Version 1.25.4:\n  * go#75480 cmd/link: linker panic and relocation errors with complex generics inlining\n  * go#75775 runtime: build fails when run via QEMU for linux/amd64 running on linux/arm64\n  * go#75790 crypto/internal/fips140/subtle: Go 1.25 subtle.xorBytes panic on MIPS\n  * go#75832 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets\n  * go#75952 encoding/pem: regression when decoding blocks with leading garbage\n  * go#75989 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access\n    is denied\n  * go#76010 cmd/compile: any(func(){})==any(func(){}) does not panic but should\n  * go#76029 pem/encoding: malformed line endings can cause panics\n\n- Version 1.25.3:\n  * go#75861 crypto/x509: TLS validation fails for FQDNs with trailing dot\n  * go#75777 spec: Go1.25 spec should be dated closer to actual release date\n\n- Version 1.25.2:\n  * go#75111 os, syscall: volume handles with FILE_FLAG_OVERLAPPED fail when calling ReadAt\n  * go#75116 os: Root.MkdirAll can return \"file exists\" when called concurrently on the same path\n  * go#75139 os: Root.OpenRoot sets incorrect name, losing prefix of original root\n  * go#75221 debug/pe: pe.Open fails on object files produced by llvm-mingw 21\n  * go#75255 cmd/compile: export to DWARF types only referenced through interfaces\n  * go#75347 testing/synctest: test timeout with no runnable goroutines\n  * go#75357 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9\n  * go#75524 crypto/internal/fips140/rsa: requires a panic if self-tests fail\n  * go#75537 context: Err can return non-nil before Done channel is closed\n  * go#75539 net/http: internal error: connCount underflow\n  * go#75595 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn\n  * go#75610 sync/atomic: comment for Uintptr.Or incorrectly describes return value\n  * go#75669 runtime: debug.decoratemappings don't work as expected\n\n- Version 1.25.1:\n  * go#74822 cmd/go: \"get toolchain@latest\" should ignore release candidates\n  * go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets\n  * go#75008 os/exec: TestLookPath fails on plan9 after CL 685755\n  * go#75021 testing/synctest: bubble not terminating\n  * go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles\n\n- Packaging: migrate from update-alternatives to libalternatives (bsc#1245878).\n- Fix runtime condition for gcc/gcc7 dependency.\n- Use at least gcc 7 for all architectures (bsc#1254227).\n- Package svgpan.js to fix issues with \"go tool pprof\" (boo#1249985).\n- Drop unused gccgo bootstrap code in go1.22+ (bsc#1248082).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38],{"_key":15},"CVE-2025-47910",{"_key":17},"CVE-2025-47912",{"_key":19},"CVE-2025-58183",{"_key":21},"CVE-2025-58185",{"_key":23},"CVE-2025-58186",{"_key":25},"CVE-2025-58187",{"_key":27},"CVE-2025-58188",{"_key":29},"CVE-2025-58189",{"_key":31},"CVE-2025-61723",{"_key":33},"CVE-2025-61724",{"_key":35},"CVE-2025-61725",{"_key":37},"CVE-2025-61727",{"_key":39},"CVE-2025-61729",[],[],[43,44,45,46,47,48,49,50,51,52,53,54,55],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},"2025-12-12T07:23:58Z","2026-03-23T04:54:18.924629Z",{"cisa_kev":59,"cisa_ransomware":59,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[61,67,71,75,79,83,87,91,95,99,103,107,111,115,119,123,127,131,135,139,144,148,152,156,160,164,168,172,176,180,184,188],{"url":62,"sources":63,"tags":65},"https://bugzilla.suse.com/1244485",[64],"osv_opensuse",[66],"REPORT",{"url":68,"sources":69,"tags":70},"https://bugzilla.suse.com/1245878",[64],[66],{"url":72,"sources":73,"tags":74},"https://bugzilla.suse.com/1247816",[64],[66],{"url":76,"sources":77,"tags":78},"https://bugzilla.suse.com/1248082",[64],[66],{"url":80,"sources":81,"tags":82},"https://bugzilla.suse.com/1249141",[64],[66],{"url":84,"sources":85,"tags":86},"https://bugzilla.suse.com/1249985",[64],[66],{"url":88,"sources":89,"tags":90},"https://bugzilla.suse.com/1251253",[64],[66],{"url":92,"sources":93,"tags":94},"https://bugzilla.suse.com/1251254",[64],[66],{"url":96,"sources":97,"tags":98},"https://bugzilla.suse.com/1251255",[64],[66],{"url":100,"sources":101,"tags":102},"https://bugzilla.suse.com/1251256",[64],[66],{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/1251257",[64],[66],{"url":108,"sources":109,"tags":110},"https://bugzilla.suse.com/1251258",[64],[66],{"url":112,"sources":113,"tags":114},"https://bugzilla.suse.com/1251259",[64],[66],{"url":116,"sources":117,"tags":118},"https://bugzilla.suse.com/1251260",[64],[66],{"url":120,"sources":121,"tags":122},"https://bugzilla.suse.com/1251261",[64],[66],{"url":124,"sources":125,"tags":126},"https://bugzilla.suse.com/1251262",[64],[66],{"url":128,"sources":129,"tags":130},"https://bugzilla.suse.com/1254227",[64],[66],{"url":132,"sources":133,"tags":134},"https://bugzilla.suse.com/1254430",[64],[66],{"url":136,"sources":137,"tags":138},"https://bugzilla.suse.com/1254431",[64],[66],{"url":140,"sources":141,"tags":142},"https://www.suse.com/security/cve/CVE-2025-47910",[64],[143],"WEB",{"url":145,"sources":146,"tags":147},"https://www.suse.com/security/cve/CVE-2025-47912",[64],[143],{"url":149,"sources":150,"tags":151},"https://www.suse.com/security/cve/CVE-2025-58183",[64],[143],{"url":153,"sources":154,"tags":155},"https://www.suse.com/security/cve/CVE-2025-58185",[64],[143],{"url":157,"sources":158,"tags":159},"https://www.suse.com/security/cve/CVE-2025-58186",[64],[143],{"url":161,"sources":162,"tags":163},"https://www.suse.com/security/cve/CVE-2025-58187",[64],[143],{"url":165,"sources":166,"tags":167},"https://www.suse.com/security/cve/CVE-2025-58188",[64],[143],{"url":169,"sources":170,"tags":171},"https://www.suse.com/security/cve/CVE-2025-58189",[64],[143],{"url":173,"sources":174,"tags":175},"https://www.suse.com/security/cve/CVE-2025-61723",[64],[143],{"url":177,"sources":178,"tags":179},"https://www.suse.com/security/cve/CVE-2025-61724",[64],[143],{"url":181,"sources":182,"tags":183},"https://www.suse.com/security/cve/CVE-2025-61725",[64],[143],{"url":185,"sources":186,"tags":187},"https://www.suse.com/security/cve/CVE-2025-61727",[64],[143],{"url":189,"sources":190,"tags":191},"https://www.suse.com/security/cve/CVE-2025-61729",[64],[143],[],[],[],[196],{"ecosystem":197,"name":198,"vendor":199,"product":200,"cpe_part":9,"purl_type":201,"purl_namespace":199,"purl_name":200,"source":9,"versions":202},"openSUSE","go1.25","opensuse","go1.25&distro=openSUSE Leap 16.0","rpm",[203],{"version":204,"is_range":205,"range_type":206,"version_start":9,"version_start_type":9,"version_end":207,"version_end_type":208,"fixed_in":9},"lt1_25_5_160000_1_1",true,"ecosystem","1.25.5-160000.1.1","excluding"]