OPENSUSE-SU-2026:20214-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 13 Feb 2026, 10:08
Last modified:23 Mar 2026, 04:54

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

13 Feb 2026, 10:08
Published
Vulnerability first disclosed
23 Mar 2026, 04:54
Last Modified
Vulnerability information updated

Description

Security update for go1.25 This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other updates and bugfixes: - version update to 1.25.7: * go#75844 cmd/compile: OOM killed on linux/arm64 * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77425 crypto/tls: CL 737700 broke session resumption on macOS

Affected Systems

  • opensusego1.25&distro=openSUSE Leap 16.0

    < 1.25.7-160000.1.1

References (5)